summaryrefslogtreecommitdiffstats
path: root/plugins/sslutils.c
diff options
context:
space:
mode:
authorTobias Wiese <tobias@tobiaswiese.com>2021-05-23 01:39:15 +0200
committerwaja <waja@users.noreply.github.com>2022-01-30 12:25:56 +0100
commit31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4 (patch)
tree27c5416f0096e89f168c1baaa1909537fb453223 /plugins/sslutils.c
parent986b2479465648c49a7eefc3fbf4df8860e3e4b7 (diff)
downloadmonitoring-plugins-31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4.tar.gz
sslutils: use chain from client certificates
sslutils used to load only the first certificate when it was given a client certificate file. Added tests for check_http to connect to a http server that expects a client certificate (simple and with chain). Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r--plugins/sslutils.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 14f6579d..286273f6 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
134 return STATE_CRITICAL; 134 return STATE_CRITICAL;
135 } 135 }
136 if (cert && privkey) { 136 if (cert && privkey) {
137 SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); 137 SSL_CTX_use_certificate_chain_file(c, cert);
138 SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); 138 SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
139#ifdef USE_OPENSSL 139#ifdef USE_OPENSSL
140 if (!SSL_CTX_check_private_key(c)) { 140 if (!SSL_CTX_check_private_key(c)) {