Commit 680091b5 authored by Andreas Schulze's avatar Andreas Schulze Committed by Howard Chu
Browse files

ITS#8586 load cert+chain from TLSCertificateFile

For OpenSSL
parent c29f0315
......@@ -1148,7 +1148,7 @@ Specifies the file that contains certificates for all of the Certificate
Authorities that
.B slapd
will recognize. The certificate for
the CA that signed the server certificate must be included among
the CA that signed the server certificate must(GnuTLS)/may(OpenSSL) be included among
these certificates. If the signing CA was not a top-level (root) CA,
certificates for the entire sequence of CA's from the signing CA to
the top-level CA should be present. Multiple certificates are simply
......@@ -1164,6 +1164,9 @@ locations will be used.
Specifies the file that contains the
.B slapd
server certificate.
When using OpenSSL that file may also contain any number or intermediate
certificates.
.TP
.B TLSCertificateKeyFile <filename>
Specifies the file that contains the
......
......@@ -465,8 +465,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
X509_free( cert );
} else
if ( lo->ldo_tls_certfile &&
!SSL_CTX_use_certificate_file( ctx,
lt->lt_certfile, SSL_FILETYPE_PEM ) )
!SSL_CTX_use_certificate_chain_file( ctx, lt->lt_certfile) )
{
Debug1( LDAP_DEBUG_ANY,
"TLS: could not use certificate file `%s'.\n",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment