From 31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4 Mon Sep 17 00:00:00 2001
From: Tobias Wiese
Date: Sun, 23 May 2021 01:39:15 +0200
Subject: sslutils: use chain from client certificates

sslutils used to load only the first certificate when it was given a client certificate file. Added tests for check_http to connect to a http server that expects a client certificate (simple and with chain).

Signed-off-by: Tobias Wiese
---
 plugins/sslutils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugins/sslutils.c')
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 14f6579d..286273f6 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 return STATE_CRITICAL;
 }
 if (cert && privkey) {
- SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+ SSL_CTX_use_certificate_chain_file(c, cert);
 SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
 if (!SSL_CTX_check_private_key(c)) {
-- 
cgit v1.2.3-74-g34f1
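Review bot: The result of `SSL_CTX_use_certificate_chain_file(c, cert)` is discarded, as is that of `SSL_CTX_use_PrivateKey_file` on the following line, so a missing, unreadable or malformed chain file is not reported at the point where it fails. The only safeguard visible in the hunk is `SSL_CTX_check_private_key`, which sits under `#ifdef USE_OPENSSL`; in a build without that macro the connection may presumably go ahead with no client certificate loaded, and even with it the eventual error would not name the file that failed to load. I would test the call directly, `if (SSL_CTX_use_certificate_chain_file(c, cert) != 1) return STATE_CRITICAL;`, printing a message that names `cert`, and handle the private-key load the same way. A comment such as `/* cert: PEM file, client certificate first, then its intermediates */` would also record the ordering the chain loader expects. The enclosing function starts and ends outside the hunk, so any later error handling is not visible here.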