On 23/10/13 22:55, Piotr Sikora wrote:
Hey Rob,

#if OPENSSL_VERSION_NUMBER >= 0x10002000L
     // OpenSSL 1.0.2 lets us do this properly
     Call SSL_CTX_add1_chain_cert(ssl->ctx, x509)
#else
     If (number of ssl_certificate directives > 1)
         // Put this intermediate in the "trusted certificates store"
         Call X509_STORE_add_cert(ssl->ctx->cert_store, x509)
     Else
         // This is what Nginx does currently
         Call SSL_CTX_add_extra_chain_cert(ssl->ctx, x509)
     End If
#endif

For consistency's sake, you should be using
SSL_CTX_add0_chain_cert(), since it doesn't increase OpenSSL's
internal reference count, same as SSL_CTX_add_extra_chain_cert()... If
you want to use SSL_CTX_add1_chain_cert() then you should free x509
afterwards.

Good point.  Thanks Piotr!

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
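
The ownership rule discussed in this message, as an added example that is not part of the thread and is not nginx or OpenSSL code: a simplified C model in which the hypothetical `cert_t`, `chain_add0()` and `chain_add1()` stand in for `X509`, `SSL_CTX_add0_chain_cert()` and `SSL_CTX_add1_chain_cert()`. It counts objects left allocated after teardown for each caller pattern.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not OpenSSL code: cert_t stands in for X509 and
 * chain_t for the SSL_CTX chain. All names are hypothetical. */
typedef struct { int refs; } cert_t;
typedef struct { cert_t *certs[8]; int n; } chain_t;
static int live_certs = 0;              /* allocated and not yet freed */

static cert_t *cert_new(void) {
    cert_t *c = malloc(sizeof *c);
    if (c == NULL) abort();
    c->refs = 1;                        /* caller holds the first reference */
    live_certs++;
    return c;
}

static void cert_free(cert_t *c) {      /* drops one reference, like X509_free() */
    if (c != NULL && --c->refs == 0) { free(c); live_certs--; }
}

/* add0 convention: the chain takes over the caller's reference. */
static void chain_add0(chain_t *ch, cert_t *c) { ch->certs[ch->n++] = c; }

/* add1 convention: the chain takes its own reference, the caller keeps one. */
static void chain_add1(chain_t *ch, cert_t *c) { c->refs++; ch->certs[ch->n++] = c; }

static void chain_free(chain_t *ch) {
    while (ch->n > 0) cert_free(ch->certs[--ch->n]);
}

/* Returns the number of certs still allocated after teardown for one caller
 * pattern, or -1 for add0 + caller free, which would be a double free. */
int leaked_after(int use_add1, int caller_frees) {
    if (!use_add1 && caller_frees) return -1;   /* not executed: memory-unsafe */
    chain_t ch = { {0}, 0 };
    int before = live_certs;
    cert_t *c = cert_new();
    if (use_add1) chain_add1(&ch, c); else chain_add0(&ch, c);
    if (caller_frees) cert_free(c);
    chain_free(&ch);
    int leaked = live_certs - before;
    if (leaked) cert_free(c);           /* tidy up so the demo itself is clean */
    return leaked;
}

int main(void) {
    printf("%d %d %d\n", leaked_after(0, 0), leaked_after(1, 1), leaked_after(1, 0));
    return 0;
}
```

Swapping an add0-style call for an add1-style call without adding the caller's free leaves one certificate allocated per call.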

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
