commit a4339ea3ba045b7da038148f0d48ce25f2996971
author Dr. Stephen Henson <steve@openssl.org> Fri Jan 03 22:38:03 2014 +0000
committer Dr. Stephen Henson <steve@openssl.org> Fri Jan 03 22:39:49 2014 +0000
tree 6d945867198bbc00fc2c1dd518b567b21fa329a1
parent e8b0dd57c0e9c53fd0708f0f458a7a2fd7a95c91

Use algorithm specific chains for certificates.

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.

ssl/ssl_rsa.c

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 9532955..7fcd846 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -758,19 +758,15 @@
 		X509 *ca;
 		int r;
 		unsigned long err;
-		
-		if (ctx->extra_certs != NULL)
-			{
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-			}
 
+		SSL_CTX_clear_chain_certs(ctx);
+		
 		while ((ca = PEM_read_bio_X509(in, NULL,
 					ctx->default_passwd_callback,
 					ctx->default_passwd_callback_userdata))
 			!= NULL)
 			{
-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			r = SSL_CTX_add0_chain_cert(ctx, ca);
 			if (!r) 
 				{
 				X509_free(ca);