Using "SSL_CTX_use_certificate_chain_file" instead of "SSL_CTX_use_certificate_file"

to support server certificates signed by intermediaries.

diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 2f8b453..18c780b 100644 (file)
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -2800,8 +2800,8 @@ libwebsocket_create_context(int port, const char *interf,
                /* openssl init for server sockets */
 
                /* set the local certificate from CertFile */
-               n = SSL_CTX_use_certificate_file(context->ssl_ctx,
-                                       ssl_cert_filepath, SSL_FILETYPE_PEM);
+               n = SSL_CTX_use_certificate_chain_file(context->ssl_ctx,
+                                       ssl_cert_filepath);
                if (n != 1) {
                        fprintf(stderr, "problem getting cert '%s': %s\n",
                                ssl_cert_filepath,