Merge "crypto: Read certificate chain"

commit: a3c43f225ba4767d2d711b355ed85c828f6102a0 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Jan 30 19:06:50 2017 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Jan 30 19:06:50 2017 +0000
tree: cb04c143075f41908e47e4fcb4c69cd37a2900a0
parent: a741f4b5e5602c2f4d46a62a11f3971a8aca871e [diff]
parent: 50772e8622904b97ec2840383b4f7395e952344c [diff]
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e274975..4521891 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c

@@ -2369,15 +2369,26 @@
 		BIO *bio = BIO_from_keystore(&client_cert[11]);
 		X509 *x509 = NULL;
 		int ret = -1;
-		if (bio) {
+		if (bio)
 			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
-			BIO_free(bio);
-		}
+
 		if (x509) {
 			if (SSL_use_certificate(conn->ssl, x509) == 1)
 				ret = 0;
 			X509_free(x509);
 		}
+
+		/* Read additional certificates into the chain. */
+		while (bio) {
+			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+			if (x509) {
+				/* Takes ownership of x509 */
+				SSL_add0_chain_cert(conn->ssl, x509);
+			} else {
+				BIO_free(bio);
+				bio = NULL;
+			}
+		}
 		return ret;
 	}
 #endif /* ANDROID */
commit	a3c43f225ba4767d2d711b355ed85c828f6102a0	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Jan 30 19:06:50 2017 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Jan 30 19:06:50 2017 +0000
tree	cb04c143075f41908e47e4fcb4c69cd37a2900a0
parent	a741f4b5e5602c2f4d46a62a11f3971a8aca871e [diff]
parent	50772e8622904b97ec2840383b4f7395e952344c [diff]