On Fri, Sep 11, 2015 at 09:32:56AM -0700, Gurucharan Shetty wrote: > When --certificate option is provided, we currently use > SSL_CTX_use_certificate_chain_file() function to add > that certificate. If our single certificate file had multiple > certificates (as a chain), all of them would get added and sent > to the remote peer. But once you call > SSL_CTX_use_certificate_chain_file(), any future calls to > SSL_CTX_add_extra_chain_cert() (called when --peer-ca-cert option > is used) had no effect. > > Since our man pages and INSTALL.SSL.md say that --certificate > is used to specify one certificate and additional certificates > are sent via --peer-ca-cert, this commit changes > SSL_CTX_use_certificate_chain_file() use to > SSL_CTX_use_certificate_file(). With this, additional certificates > can now be added via --peer-ca-cert option. > > The test case added with this commit would fail without the > above changes. > > Signed-off-by: Gurucharan Shetty <gshe...@nicira.com>
Thanks! Acked-by: Ben Pfaff <b...@nicira.com> _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
