ITS#8586 load cert+chain from TLSCertificateFile

For OpenSSL
2026-01-16 11:57:39 -05:00 · 2017-02-11 19:26:59 +00:00 · 2017-02-11 19:26:59 +00:00 · 680091b5b4
commit 680091b5b4
parent c29f0315c2
2 changed files with 5 additions and 3 deletions
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@ -1148,7 +1148,7 @@ Specifies the file that contains certificates for all of the Certificate
 Authorities that
 .B slapd
 will recognize.  The certificate for
-the CA that signed the server certificate must be included among
+the CA that signed the server certificate must(GnuTLS)/may(OpenSSL) be included among
 these certificates. If the signing CA was not a top-level (root) CA,
 certificates for the entire sequence of CA's from the signing CA to
 the top-level CA should be present. Multiple certificates are simply
@ -1164,6 +1164,9 @@ locations will be used.
 Specifies the file that contains the
 .B slapd
 server certificate.
+
+When using OpenSSL that file may also contain any number or intermediate
+certificates.
 .TP
 .B TLSCertificateKeyFile <filename>
 Specifies the file that contains the
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@ -465,8 +465,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		X509_free( cert );
 	} else
 	if ( lo->ldo_tls_certfile &&
-		!SSL_CTX_use_certificate_file( ctx,
-			lt->lt_certfile, SSL_FILETYPE_PEM ) )
+		!SSL_CTX_use_certificate_chain_file( ctx, lt->lt_certfile) )
 	{
 		Debug1( LDAP_DEBUG_ANY,
 			"TLS: could not use certificate file `%s'.\n",