[Yazlist] Yaz and SSL
Ko van der Sloot
Ko.vanderSloot at uvt.nl
Fri Jun 9 12:54:50 CEST 2006
Hello,
I am doing some tests with YAZ and SSL ( using ./configure --with-openssl )
It seems to work well, except for the fact that only 1 certificate is
read, because you use SSL_CTX_use_certificate_file().
This makes it impossible to provide more certificates, which might be
necessary to check the certificates of the signers of my certificate...
I replaced that by a call to SSL_CTX_use_certificate_chain_file(), and
now all works well. (the ssl documentation also advises to use
SSL_CTX_use_certificate_chain_file() )
Diff appended below. (not agains 2.1.20 unfortunately)
I would very much like to see this change appear in the YAZ version.
And also, i wonder why SLL support is not the default, for all systems
where SLL is available?
lastly: I would like te use this forum to ask Adam to consider
responding to my private mails about SRU update dd 21-12-2005 and 28-3-2005.
Please...
greetings from sunny Tilburg
Ko vd Sloot
Context diff:
diff -c -r1.17 tcpip.c
*** src/tcpip.c 19 Jul 2005 12:40:52 -0000 1.17
--- src/tcpip.c 9 Jun 2006 10:52:52 -0000
***************
*** 490,497 ****
if (sp->ctx_alloc)
{
int res;
! res = SSL_CTX_use_certificate_file (sp->ctx, sp->cert_fname,
! SSL_FILETYPE_PEM);
if (res <= 0)
{
ERR_print_errors_fp(stderr);
--- 490,496 ----
if (sp->ctx_alloc)
{
int res;
! res = SSL_CTX_use_certificate_chain_file (sp->ctx,
sp->cert_fname);
if (res <= 0)
{
ERR_print_errors_fp(stderr);
More information about the Yazlist
mailing list