feat(server): accept combined certificate files

Openssl::with_cert_and_key is often useless in its current form: in most setups, one need to provide the intermediate certificate chain to Openssl. One way would be to change with_cert_and_key to allow passing a third file containing the authority chain. Fortunately, thers is another option: Openssl accepts combined certificates (your certs, then whatever certs you need to link it to the widely distributed ones). This is not exotic, both nginx and apache use this setup.
hyperium · Jul 23, 2016 · eeb1f48 · eeb1f48
1 parent 3608382
commit eeb1f48
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/net.rs b/src/net.rs
@@ -710,7 +710,7 @@ mod openssl {
         where C: AsRef<Path>, K: AsRef<Path> {
             let mut ctx = try!(SslContext::new(SslMethod::Sslv23));
             try!(ctx.set_cipher_list("DEFAULT"));
-            try!(ctx.set_certificate_file(cert.as_ref(), X509FileType::PEM));
+            try!(ctx.set_certificate_chain_file(cert.as_ref(), X509FileType::PEM));
             try!(ctx.set_private_key_file(key.as_ref(), X509FileType::PEM));
             ctx.set_verify(SSL_VERIFY_NONE, None);
             Ok(Openssl { context: Arc::new(ctx) })