MINIFICPP-1068 - Load entire certificate chain from PEM certificate file.
Signed-off-by: Arpad Boda <aboda@apache.org>
This closes #665
diff --git a/libminifi/src/controllers/SSLContextService.cpp b/libminifi/src/controllers/SSLContextService.cpp
index 10944e2..41957c5 100644
--- a/libminifi/src/controllers/SSLContextService.cpp
+++ b/libminifi/src/controllers/SSLContextService.cpp
@@ -89,7 +89,7 @@
EVP_PKEY_free(pkey);
X509_free(cert);
} else {
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, certificate.c_str()) <= 0) {
logging::LOG_ERROR(logger_) << "Could not create load certificate " << certificate << ", " << getLatestOpenSSLErrorString();
return false;
}
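Review bot: `SSL_CTX_use_certificate_chain_file` requires the PEM file to start with the leaf certificate, followed by any intermediates in chain order, and nothing at this call tells operators that. A file that previously worked only because the first certificate was read may now fail or present a wrong chain. I would add a comment above the call such as `// PEM file: leaf certificate first, then intermediates in chain order`, and state the same in the property's description. The enclosing function continues outside the hunk, so it is not visible whether `SSL_CTX_check_private_key(ctx)` runs after the key is loaded; if it does not, it should, so that a key/leaf mismatch is caught at configuration time rather than at handshake.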
diff --git a/libminifi/src/io/tls/TLSSocket.cpp b/libminifi/src/io/tls/TLSSocket.cpp
index e7909a0..9b094ea 100644
--- a/libminifi/src/io/tls/TLSSocket.cpp
+++ b/libminifi/src/io/tls/TLSSocket.cpp
@@ -92,7 +92,7 @@
}
}
// load certificates and private key in PEM format
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, certificate.c_str()) <= 0) {
logger_->log_error("Could not load certificate %s, for %X and %X error : %s", certificate, this, ctx, std::strerror(errno));
error_value = TLS_ERROR_CERT_MISSING;
return error_value;
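Review bot: The failure branch for the new `SSL_CTX_use_certificate_chain_file` call logs `std::strerror(errno)`, but OpenSSL reports parse and chain errors through its own error queue, so errno may be stale or zero and the message can mislead whoever is diagnosing a bad chain file. SSLContextService.cpp in this same commit logs `getLatestOpenSSLErrorString()` for the identical call; using that helper here if it is reachable from this file, or `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf))`, would record the real cause. Every failure is also returned as `TLS_ERROR_CERT_MISSING`, which now covers a malformed intermediate as well as an absent file. The enclosing function starts and ends outside the hunk.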