[#26] Use SSL_CTX_use_certificate_chain_file

(reference #26) Via @mannol ``` Currently, libevhtp is using SSL_CTX_use_certificate_file to load a certificate file. That function lacks the ability to load the pinned certificate chain (if any) which has a consequence of connecting clients not trusting the received certificate. By using SSL_CTX_use_certificate_chain_file we give the libssl the ability to read and send the entire certificate chain (if any), which clients can check against. ```
Yellow-Camper · Dec 6, 2017 · 4c4eb3a · 4c4eb3a
1 parent 0848e08
commit 4c4eb3a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/evhtp.c b/evhtp.c
@@ -4878,7 +4878,7 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_cfg_t * cfg)
             break;
     }     /* switch */
 
-    SSL_CTX_use_certificate_file(htp->ssl_ctx, cfg->pemfile, SSL_FILETYPE_PEM);
+    SSL_CTX_use_certificate_chain_file(htp->ssl_ctx, cfg->pemfile);
 
     char * const key = cfg->privfile ?  cfg->privfile : cfg->pemfile;