summaryrefslogtreecommitdiffhomepage
path: root/src/event/ngx_event_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/event/ngx_event_openssl.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 49c513cbc..28212f4c7 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -408,6 +408,24 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
return NGX_ERROR;
}
+#ifdef SSL_CTRL_CHAIN_CERT
+
+ /*
+ * SSL_CTX_add0_chain_cert() is needed to add chain to
+ * a particular certificate when multiple certificates are used;
+ * only available in OpenSSL 1.0.2+
+ */
+
+ if (SSL_CTX_add0_chain_cert(ssl->ctx, x509) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_add0_chain_cert(\"%s\") failed",
+ cert->data);
+ X509_free(x509);
+ BIO_free(bio);
+ return NGX_ERROR;
+ }
+
+#else
if (SSL_CTX_add_extra_chain_cert(ssl->ctx, x509) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_add_extra_chain_cert(\"%s\") failed",
@@ -416,6 +434,7 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
BIO_free(bio);
return NGX_ERROR;
}
+#endif
}
BIO_free(bio);
generated by cgit (git 2.34.1) at 2025-12-29 16:30:48 +0000