diff options
author | Tobias Wiese <tobias@tobiaswiese.com> | 2021-05-23 01:39:15 +0200 |
---|---|---|
committer | waja <waja@users.noreply.github.com> | 2022-01-30 12:25:56 +0100 |
commit | 31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4 (patch) | |
tree | 27c5416f0096e89f168c1baaa1909537fb453223 /plugins/sslutils.c | |
parent | 986b2479465648c49a7eefc3fbf4df8860e3e4b7 (diff) | |
download | monitoring-plugins-31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4.tar.gz |
sslutils: use chain from client certificates
sslutils used to load only the first certificate when it was given a
client certificate file.
Added tests for check_http to connect to a http server that expects a
client certificate (simple and with chain).
Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r-- | plugins/sslutils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 14f6579d..286273f6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -134,7 +134,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int | |||
134 | return STATE_CRITICAL; | 134 | return STATE_CRITICAL; |
135 | } | 135 | } |
136 | if (cert && privkey) { | 136 | if (cert && privkey) { |
137 | SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); | 137 | SSL_CTX_use_certificate_chain_file(c, cert); |
138 | SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); | 138 | SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); |
139 | #ifdef USE_OPENSSL | 139 | #ifdef USE_OPENSSL |
140 | if (!SSL_CTX_check_private_key(c)) { | 140 | if (!SSL_CTX_check_private_key(c)) { |