[ https://issues.apache.org/jira/browse/TS-4619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-4619:
------------------------------
    Fix Version/s: 7.0.0

> intermediate certificate chain loading can miss certificates
> ------------------------------------------------------------
>
>                 Key: TS-4619
>                 URL: https://issues.apache.org/jira/browse/TS-4619
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: James Peach
>             Fix For: 7.0.0
>
>
> When loading intermediate SSL certificates, the original code used
> {{SSL_CTX_add_extra_chain_cert_file}} which adds all the certificates in the
> file.
> The new code uses {{SSL_CTX_add0_chain_cert}} and passes it a single
> {{X509 *}}, so it only ends up loading the first intermediate rather than all
> of them.
> This code occurs in 3 places with ugly {{#ifdefs}}. The right thing to do
> here is to call {{SSL_CTX_add_extra_chain_cert_file}} in every place and
> inside {{SSL_CTX_add_extra_chain_cert_file}} use {{SSL_CTX_add0_chain_cert}}
> if it is available.
> Also take a look at the place where the server certificate is loaded. This is
> also allowed to be a bundle, so we can call
> {{SSL_CTX_add_extra_chain_cert_file}} again to avoid the code duplication,
> though at this point we already have a {{BIO}} in hand that we would need to
> use.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)