DO NOT REPLY [Bug 14560] - SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x

From: <bugzilla(at)apache.org>
Date: Fri Feb 28 2003 - 16:51:09 EST

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560

SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x

• Additional Comments From ballou@crab.mv.com 2003-02-28 21:51 ------- I think this is because the boolean skip_first in ssl_init_ctx_cert_chain is mistakenly initialized as TRUE (should be FALSE). This means the first certificate in the SSLCertificateChain file is always ignored. (The intent seems to be to allow the same file to be named in the SSLCertificateFile and SSLCertificateChain file directive. If this is the case, the code assumes the first certificate in the chain file is the SSL server's certificate. This certificate is skipped when adding the extra certificates to the SSL context.)

I have tested the attached patch against version 2.0.44 and verified that it causes the SSLCertificateChain directive to work as documented.

---

To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org Received on Fri Feb 28 21:49:28 2003