ITS#8586 load cert+chain from TLSCertificateFile

For OpenSSL

doc/man/man5/slapd.conf.5

@@ -1148,7 +1148,7 @@ Specifies the file that contains certificates for all of the Certificate
 Authorities that
 .B slapd
 will recognize.  The certificate for
-the CA that signed the server certificate must be included among
+the CA that signed the server certificate must(GnuTLS)/may(OpenSSL) be included among
 these certificates. If the signing CA was not a top-level (root) CA,
 certificates for the entire sequence of CA's from the signing CA to
 the top-level CA should be present. Multiple certificates are simply
@@ -1164,6 +1164,9 @@ locations will be used.
 Specifies the file that contains the
 .B slapd
 server certificate.
+
+When using OpenSSL that file may also contain any number or intermediate
+certificates.
 .TP
 .B TLSCertificateKeyFile <filename>
 Specifies the file that contains the

libraries/libldap/tls_o.c

@@ -465,8 +465,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		X509_free( cert );
 	} else
 	if ( lo->ldo_tls_certfile &&
-		!SSL_CTX_use_certificate_file( ctx,
-			lt->lt_certfile, SSL_FILETYPE_PEM ) )
+		!SSL_CTX_use_certificate_chain_file( ctx, lt->lt_certfile) )
 	{
 		Debug1( LDAP_DEBUG_ANY,
 			"TLS: could not use certificate file `%s'.\n",