You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 lines
2.3 KiB
71 lines
2.3 KiB
4 years ago
|
diff --git a/sendmail/conf.c b/sendmail/conf.c
|
||
|
index 777e05e..e693ed0 100644
|
||
|
--- a/sendmail/conf.c
|
||
|
+++ b/sendmail/conf.c
|
||
|
@@ -6504,6 +6504,14 @@ char *FFRCompileOptions[] =
|
||
|
/* More STARTTLS options, e.g., secondary certs. */
|
||
|
"_FFR_TLS_1",
|
||
|
#endif /* _FFR_TLS_1 */
|
||
|
+#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
|
||
|
+ /*
|
||
|
+ ** Use SSL_CTX_use_certificate_chain_file()
|
||
|
+ ** instead of SSL_CTX_use_certificate_file()
|
||
|
+ */
|
||
|
+
|
||
|
+ "_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE",
|
||
|
+#endif /* _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE */
|
||
|
#if _FFR_TRUSTED_QF
|
||
|
/*
|
||
|
** If we don't own the file mark it as unsafe.
|
||
|
diff --git a/sendmail/tls.c b/sendmail/tls.c
|
||
|
index 72da987..6707a35 100644
|
||
|
--- a/sendmail/tls.c
|
||
|
+++ b/sendmail/tls.c
|
||
|
@@ -860,17 +860,25 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
||
|
if (bitset(TLS_I_USE_KEY, req))
|
||
|
return false;
|
||
|
}
|
||
|
+#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
|
||
|
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
|
||
|
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile)
|
||
|
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
|
||
|
+#else
|
||
|
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
|
||
|
+ SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM)
|
||
|
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
|
||
|
+#endif
|
||
|
|
||
|
/* get the certificate file */
|
||
|
if (bitset(TLS_S_CERT_OK, status) &&
|
||
|
- SSL_CTX_use_certificate_file(*ctx, certfile,
|
||
|
- SSL_FILETYPE_PEM) <= 0)
|
||
|
+ SSL_CTX_use_cert(*ctx, certfile) <= 0)
|
||
|
{
|
||
|
if (LogLevel > 7)
|
||
|
{
|
||
|
sm_syslog(LOG_WARNING, NOQID,
|
||
|
- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
|
||
|
- who, certfile);
|
||
|
+ "STARTTLS=%s, error: %s(%s) failed",
|
||
|
+ who, SSL_CTX_USE_CERT, certfile);
|
||
|
if (LogLevel > 9)
|
||
|
tlslogerr(LOG_WARNING, who);
|
||
|
}
|
||
|
@@ -914,13 +922,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
||
|
|
||
|
/* get the certificate file */
|
||
|
if (bitset(TLS_S_CERT2_OK, status) &&
|
||
|
- SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0)
|
||
|
+ SSL_CTX_use_cert(*ctx, cf2) <= 0)
|
||
|
{
|
||
|
if (LogLevel > 7)
|
||
|
{
|
||
|
sm_syslog(LOG_WARNING, NOQID,
|
||
|
- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
|
||
|
- who, cf2);
|
||
|
+ "STARTTLS=%s, error: %s(%s) failed",
|
||
|
+ who, SSL_CTX_USE_CERT, cf2);
|
||
|
if (LogLevel > 9)
|
||
|
tlslogerr(LOG_WARNING, who);
|
||
|
}
|