mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Merge branch '2514-tls-cert-chain' into 'main'

Browse Source 
Load full certificate chain from a certificate chain file

Closes #2514

See merge request isc-projects/bind9!4792
This commit is contained in:
Artem Boldariev
2021-03-16 10:33:35 +00:00
parent 6dee5c1b28 c69fafdd65
commit 50eaa0f38f
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,3 +1,7 @@
5600. [bug] Load a certificate chain file so that the full chain is
sent to DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH)
clients that require full chain verification. [GL #2514]
5599. [bug] Fix a crash when transferring a zone over TLS, 5599. [bug] Fix a crash when transferring a zone over TLS,
after "named" previously skipped a master. [GL #2562] after "named" previously skipped a master. [GL #2562]

3
lib/isc/tls.c
View File

@@ -311,8 +311,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
BN_free(bn); BN_free(bn);
} else { } else {
rv = SSL_CTX_use_certificate_file(ctx, certfile, rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
SSL_FILETYPE_PEM);
if (rv != 1) { if (rv != 1) {
goto ssl_error; goto ssl_error;
} }