Forum List Message List New Topic Print View

Piotr Sikora

October 23, 2013 05:56PM

Hey Rob,

> #if OPENSSL_VERSION_NUMBER >= 0x10002000L
> // OpenSSL 1.0.2 lets us do this properly
> Call SSL_CTX_add1_chain_cert(ssl->ctx, x509)
> #else
> If (number of ssl_certificate directives > 1)
> // Put this intermediate in the "trusted certificates store"
> Call X509_STORE_add_cert(ssl->ctx->cert_store, x509)
> Else
> // This is what Nginx does currently
> Call SSL_CTX_add_extra_chain_cert(ssl->ctx, x509)
> End If
> #endif

For the consistency sake, you should be using
SSL_CTX_add0_chain_cert(), since it doesn't increase OpenSSL's
internal reference count, same as SSL_CTX_add_extra_chain_cert()... If
you want use SSL_CTX_add1_chain_cert() then you should free x509
afterwards.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] RSA+DSA+ECC bundles	Rob Stradling	1588	October 17, 2013 10:10AM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	581	October 17, 2013 11:20AM
Re: [PATCH] RSA+DSA+ECC bundles	Piotr Sikora	569	October 17, 2013 06:02PM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	542	October 18, 2013 07:08PM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	647	October 19, 2013 06:16AM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	606	October 21, 2013 05:42PM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	578	October 22, 2013 08:10AM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	505	October 22, 2013 09:32AM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	599	October 22, 2013 08:26PM
Re: [PATCH] RSA+DSA+ECC bundles	W-Mark Kubacki	590	October 23, 2013 01:08PM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	528	October 23, 2013 03:14PM
Re: [PATCH] RSA+DSA+ECC bundles	Piotr Sikora	568	October 23, 2013 05:50PM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	569	October 23, 2013 08:28PM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	538	October 31, 2013 05:00PM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	902	October 31, 2013 06:00PM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	553	November 01, 2013 06:48AM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	527	November 01, 2013 08:10AM
Re: [PATCH] RSA+DSA+ECC bundles	Maxim Dounin	611	November 01, 2013 10:26AM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	555	October 23, 2013 02:28PM
Re: [PATCH] RSA+DSA+ECC bundles	Piotr Sikora	579	October 23, 2013 05:56PM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	667	October 24, 2013 08:10AM
Re: [PATCH] RSA+DSA+ECC bundles	Rob Stradling	573	October 18, 2013 06:52PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 236

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018