Not skip first cert when using OpenSslClientContext
Motivation: Due a copy and paste error we incorrectly skipped the first cert in the keyCertChainFile when using OpenSslClientContext. Modifications: Correctly not skip the first cert. Result: The certificate chain is correctly setup when using OpenSslClientContext.
This commit is contained in:
parent
95e7c7a027
commit
afe3a3a141
@ -184,8 +184,8 @@ public final class OpenSslClientContext extends OpenSslContext {
|
|||||||
}
|
}
|
||||||
synchronized (OpenSslContext.class) {
|
synchronized (OpenSslContext.class) {
|
||||||
if (trustCertChainFile != null) {
|
if (trustCertChainFile != null) {
|
||||||
/* Load the certificate chain. We must skip the first cert when server mode */
|
/* Load the certificate chain. We must NOT skip the first cert when client mode */
|
||||||
if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), true)) {
|
if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), false)) {
|
||||||
long error = SSL.getLastErrorNumber();
|
long error = SSL.getLastErrorNumber();
|
||||||
if (OpenSsl.isError(error)) {
|
if (OpenSsl.isError(error)) {
|
||||||
throw new SSLException(
|
throw new SSLException(
|
||||||
|
Loading…
Reference in New Issue
Block a user