SSL_CTX_use_certificate_file() -> SSL_CTX_use_certificate_chain_file() (#65)

ihmc3jn09hk · an-tao · web-flow · commit dc45be8593c8 · 2020-02-08T10:12:34.000+08:00
* According to https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_use_certificate_file.html, it is preferred to use SSL_CTX_use_certificate_chain_file() instead. * Format Co-authored-by: An Tao <antao2002@gmail.com>
diff --git a/trantor/net/ssl/SSLConnection.cc b/trantor/net/ssl/SSLConnection.cc
@@ -93,9 +93,11 @@ void initServerSSLContext(const std::shared_ptr<SSLContext> &ctx,
                           const std::string &certPath,
                           const std::string &keyPath)
 {
-    auto r = SSL_CTX_use_certificate_file(ctx->get(),
+    /*auto r = SSL_CTX_use_certificate_file(ctx->get(),
                                           certPath.c_str(),
-                                          SSL_FILETYPE_PEM);
+                                          SSL_FILETYPE_PEM);*/
+
+    auto r = SSL_CTX_use_certificate_chain_file(ctx->get(), certPath.c_str());
     if (!r)
     {
         LOG_FATAL << strerror(errno);
@@ -277,7 +279,7 @@ ssize_t SSLConnection::writeInLoop(const char *buffer, size_t length)
             int sslerr = SSL_get_error(sslPtr_->get(), sendLen);
             if (sslerr != SSL_ERROR_WANT_WRITE && sslerr != SSL_ERROR_WANT_READ)
             {
-                //LOG_ERROR << "ssl write error:" << sslerr;
+                // LOG_ERROR << "ssl write error:" << sslerr;
                 forceClose();
                 return -1;
             }

Original file line number	Diff line number	Diff line change
`@@ -93,9 +93,11 @@ void initServerSSLContext(const std::shared_ptr<SSLContext> &ctx,`
`93`	`93`	`const std::string &certPath,`
`94`	`94`	`const std::string &keyPath)`
`95`	`95`	`{`
`96`		`- auto r = SSL_CTX_use_certificate_file(ctx->get(),`
	`96`	`+ /*auto r = SSL_CTX_use_certificate_file(ctx->get(),`
`97`	`97`	`certPath.c_str(),`
`98`		`- SSL_FILETYPE_PEM);`
	`98`	`+ SSL_FILETYPE_PEM);*/`
	`99`	`+`
	`100`	`+ auto r = SSL_CTX_use_certificate_chain_file(ctx->get(), certPath.c_str());`
`99`	`101`	`if (!r)`
`100`	`102`	`{`
`101`	`103`	`LOG_FATAL << strerror(errno);`
`@@ -277,7 +279,7 @@ ssize_t SSLConnection::writeInLoop(const char *buffer, size_t length)`
`277`	`279`	`int sslerr = SSL_get_error(sslPtr_->get(), sendLen);`
`278`	`280`	`if (sslerr != SSL_ERROR_WANT_WRITE && sslerr != SSL_ERROR_WANT_READ)`
`279`	`281`	`{`
`280`		`- //LOG_ERROR << "ssl write error:" << sslerr;`
	`282`	`+ // LOG_ERROR << "ssl write error:" << sslerr;`
`281`	`283`	`forceClose();`
`282`	`284`	`return -1;`
`283`	`285`	`}`