 From:  Bernie O'Connor <Bernie dot OConnor at sas dot com>
 To:  "m0n0wall dash dev at lists dot m0n0 dot ch" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Cc:  Manuel Kasper <mk at neon1 dot net>
 Subject:  mini_httpd update to provide support for chained (intermediate CA) certificates
 Date:  Wed, 27 Feb 2008 12:22:52 -0500
I don't know if anyone else may be interested, but here is a patch that allows mini_httpd to send
the intermediate CA certificate when using https and the captive portal.  The way it works:

You put the server certificate and the intermediate CA certificate in the standard place in the
HTTPS certificate field in the Captive Portal configuration (put the server certificate first, then
the intermediate certificate -- both in PEM format).  This change also works if you just have a
server certificate that does not require an intermediate CA certificate.

=================
--- mini_httpd.c.orig
+++ mini_httpd.c
@@ -599,7 +599,7 @@
        SSLeay_add_ssl_algorithms();
        ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
        if ( certfile[0] != '\0' )
-           if ( SSL_CTX_use_certificate_file( ssl_ctx, certfile, SSL_FILETYPE_PEM ) == 0 ||
+           if ( SSL_CTX_use_certificate_chain_file( ssl_ctx, certfile ) == 0 ||
                 SSL_CTX_use_PrivateKey_file( ssl_ctx, certfile, SSL_FILETYPE_PEM ) == 0 ||
                 SSL_CTX_check_private_key( ssl_ctx ) == 0 )
                {
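Review bot: The replaced call, SSL_CTX_use_certificate_chain_file( ssl_ctx, certfile ), depends on the order of certificates inside certfile, and nothing in the code documents that. OpenSSL treats the first PEM certificate in the file as the server certificate and the remaining ones as the chain, and the next line still reads the private key from the same certfile, so that one file now has to carry the key plus the server certificate followed by the intermediate. A short comment above the call saying "server certificate first, then intermediate CA certificates" would record the requirement where the next maintainer will see it. A file with the intermediate first should fail the SSL_CTX_use_PrivateKey_file / SSL_CTX_check_private_key tests kept below, which will look like a key mismatch, so the failure branch that opens at the final brace is a good place to mention certificate ordering in the logged error. The file headers also carry no directory prefix, so state which directory the patch is meant to be applied from.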