httpd-dev mailing list archives

From Tadasuke SUDO
Subject mod_ssl(httpd-2.0.43) always skips a leading certificate of SSLCertificateChainFile
Date Tue, 07 Jan 2003 10:17:02 GMT

I encountered a problem that mod_ssl(httpd-2.0.43) always skips
a leading certificate of SSLCertificateChainFile.

So, I checked the source code of httpd-2.0.43, and I found the related
code in "ssl_engine_init.c".  In a function
"ssl_init_ctx_cert_chain()", a function
"SSL_CTX_use_certificate_chain()" is invoked with some arguments - the
third argument is a local boolean variable "skip_first".  If
skip_first is TRUE, SSL_CTX_use_certificate_chain() skips a leading
certificate of SSLCertificateChainFile.  Because
ssl_init_ctx_cert_chain() initializes skip_first to TRUE and doesn't
make it FALSE, skip_first is always TRUE.  Therefore, a leading
certificate of SSLCertificateChainFile is always skipped.
I think skip_first should be initialized to FALSE.

(Since mod_ssl-2.8.12-1.3.27 works fine,
 I checked its source code.  There is similar code, and
 skip_first is initialized to FALSE.)

Tadasuke SUDO
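
The effect reported in the message above, as an added example that is not part of the original post and is not mod_ssl or OpenSSL code: a simplified model of loading a chain file with and without the skip flag. The function `model_load_chain()` and the two-block sample file with placeholder bodies are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample chain file: two PEM blocks with placeholder bodies. */
static const char SAMPLE_CHAIN[] =
    "-----BEGIN CERTIFICATE-----\nINTERMEDIATE-CA-PLACEHOLDER\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nROOT-CA-PLACEHOLDER\n-----END CERTIFICATE-----\n";

/* Hypothetical model: walk the PEM blocks in `pem` and copy the body of each
 * block that would be added to the chain into out[]. When skip_first is
 * non-zero the leading block is dropped. Returns the number of blocks added,
 * or -1 on a truncated block or when out[] is too small. */
int model_load_chain(const char *pem, int skip_first, char out[][64], int max_out)
{
    int seen = 0, added = 0;
    const char *p = pem;
    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *body = p + strlen(PEM_BEGIN);
        const char *end = strstr(body, PEM_END);
        if (end == NULL) return -1;                 /* BEGIN without END */
        while (body < end && (*body == '\n' || *body == '\r')) body++;
        size_t len = (size_t)(end - body);
        while (len > 0 && (body[len - 1] == '\n' || body[len - 1] == '\r')) len--;
        if (!(skip_first && seen == 0)) {           /* the check at issue */
            if (added >= max_out || len >= 64) return -1;
            memcpy(out[added], body, len);
            out[added][len] = '\0';
            added++;
        }
        seen++;
        p = end + strlen(PEM_END);
    }
    return added;
}

int main(void)
{
    char chain[4][64];
    for (int skip = 1; skip >= 0; skip--) {         /* TRUE first, then FALSE */
        int n = model_load_chain(SAMPLE_CHAIN, skip, chain, 4);
        printf("skip_first=%d -> %d chain cert(s):", skip, n);
        for (int i = 0; i < n; i++) printf(" %s", chain[i]);
        printf("\n");
    }
    return 0;
}
```

With the flag fixed at TRUE, the first block of the sample file never reaches the chain; with FALSE, both blocks are added in file order.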
