Not skip first cert when using OpenSslClientContext

Motivation:

Due to a copy and paste error we incorrectly skipped the first cert in the keyCertChainFile when using OpenSslClientContext.

Modifications:

Correctly not skip the first cert.

Result:

The certificate chain is correctly set up when using OpenSslClientContext.
Norman Maurer 2015-06-08 10:58:42 +02:00
parent de1f1a61f3
commit 657f6a8a72

@ -184,8 +184,8 @@ public final class OpenSslClientContext extends OpenSslContext {
} }
synchronized (OpenSslContext.class) { synchronized (OpenSslContext.class) {
if (trustCertChainFile != null) { if (trustCertChainFile != null) {
/* Load the certificate chain. We must skip the first cert when server mode */ /* Load the certificate chain. We must NOT skip the first cert when client mode */
if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), true)) { if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), false)) {
long error = SSL.getLastErrorNumber(); long error = SSL.getLastErrorNumber();
if (OpenSsl.isError(error)) { if (OpenSsl.isError(error)) {
throw new SSLException( throw new SSLException(
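
Review bot: The commit message names keyCertChainFile, but the call changed in this hunk passes trustCertChainFile.getPath() to SSLContext.setCertificateChainFile, so it is not clear from the diff which file the fix is meant for. Please reconcile the message with the code, or say in the comment why the trust chain file is loaded through this call in client mode. The new comment "We must NOT skip the first cert when client mode" also states the rule without the reason; one sentence on why the first cert has to stay in the chain here would keep the next copy and paste from flipping the bare true/false again. A test that builds an OpenSslClientContext from a multi-cert file and checks that the first cert is present would pin this behaviour down.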