git.kaiwu.me - nginx.git/commit

author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 19 May 2016 11:46:32 +0000 (14:46 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 19 May 2016 11:46:32 +0000 (14:46 +0300)
commit	798999b63d57a578a1fe68b61e97731e8ff0ec56
tree	abfcb93d5f514be45bd8eb8888304aa46df1939a	tree \| snapshot
parent	e844475905c0226088104a80bc3159bfa714ffa8	commit \| diff

SSL: support for per-certificate chains.

The SSL_CTX_add0_chain_cert() function as introduced in OpenSSL 1.0.2 now
used instead of SSL_CTX_add_extra_chain_cert().

SSL_CTX_add_extra_chain_cert() adds extra certs for all certificates
in the context, while SSL_CTX_add0_chain_cert() only to a particular
certificate. There is no difference unless multiple certificates are used,
though it is important when using multiple certificates.

Additionally, SSL_CTX_select_current_cert() is now called before using
a chain to make sure correct chain will be returned.

src/event/ngx_event_openssl.c		diff \| blob \| history
src/event/ngx_event_openssl_stapling.c		diff \| blob \| history