From eeb1f48e17f4c71162ce90f88bda3dc37b489cc7 Mon Sep 17 00:00:00 2001
From: Mathieu Poumeyrol
Date: Sat, 23 Jul 2016 14:36:00 +0200
Subject: [PATCH] feat(server): accept combined certificate files

Openssl::with_cert_and_key is often useless in its current form: in most setups, one need to provide the intermediate certificate chain to Openssl. One way would be to change with_cert_and_key to allow passing a third file containing the authority chain. Fortunately, thers is another option: Openssl accepts combined certificates (your certs, then whatever certs you need to link it to the widely distributed ones). This is not exotic, both nginx and apache use this setup.
---
 src/net.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/net.rs b/src/net.rs
index 250eda4c3d..25b09b7463 100644
--- a/src/net.rs
+++ b/src/net.rs
@@ -710,7 +710,7 @@ mod openssl {
 where C: AsRef, K: AsRef {
 let mut ctx = try!(SslContext::new(SslMethod::Sslv23));
 try!(ctx.set_cipher_list("DEFAULT"));
- try!(ctx.set_certificate_file(cert.as_ref(), X509FileType::PEM));
+ try!(ctx.set_certificate_chain_file(cert.as_ref(), X509FileType::PEM));
 try!(ctx.set_private_key_file(key.as_ref(), X509FileType::PEM));
 ctx.set_verify(SSL_VERIFY_NONE, None);
 Ok(Openssl { context: Arc::new(ctx) })
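Review bot: The doc comment on `with_cert_and_key` should spell out the file layout that the new `set_certificate_chain_file` call expects, because the parameter name `cert` gives no hint that a chain is now accepted. Something like `/// cert: PEM file with the server certificate first, then any intermediates in order; key: private key for that first certificate.` would cover it. The order matters because OpenSSL takes the first certificate in the file as the server's own and sends the rest to clients as the chain. A file with an intermediate on top will therefore most likely surface as a key-mismatch error from the `set_private_key_file` line rather than as a clear message. The signature and existing doc comment sit above the hunk, so this may already be partly documented there.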