|
 |
f67e08 |
diff --git a/sendmail/conf.c b/sendmail/conf.c
|
|
|
f67e08 |
index 777e05e..e693ed0 100644
|
|
|
f67e08 |
--- a/sendmail/conf.c
|
|
|
f67e08 |
+++ b/sendmail/conf.c
|
|
|
f67e08 |
@@ -6504,6 +6504,14 @@ char *FFRCompileOptions[] =
|
|
|
f67e08 |
/* More STARTTLS options, e.g., secondary certs. */
|
|
|
f67e08 |
"_FFR_TLS_1",
|
|
|
f67e08 |
#endif /* _FFR_TLS_1 */
|
|
|
f67e08 |
+#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
|
|
|
f67e08 |
+ /*
|
|
|
f67e08 |
+ ** Use SSL_CTX_use_certificate_chain_file()
|
|
|
f67e08 |
+ ** instead of SSL_CTX_use_certificate_file()
|
|
|
f67e08 |
+ */
|
|
|
f67e08 |
+
|
|
|
f67e08 |
+ "_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE",
|
|
|
f67e08 |
+#endif /* _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE */
|
|
|
f67e08 |
#if _FFR_TRUSTED_QF
|
|
|
f67e08 |
/*
|
|
|
f67e08 |
** If we don't own the file mark it as unsafe.
|
|
|
f67e08 |
diff --git a/sendmail/tls.c b/sendmail/tls.c
|
|
|
f67e08 |
index 72da987..6707a35 100644
|
|
|
f67e08 |
--- a/sendmail/tls.c
|
|
|
f67e08 |
+++ b/sendmail/tls.c
|
|
|
f67e08 |
@@ -860,17 +860,25 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
|
|
f67e08 |
if (bitset(TLS_I_USE_KEY, req))
|
|
|
f67e08 |
return false;
|
|
|
f67e08 |
}
|
|
|
f67e08 |
+#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
|
|
|
f67e08 |
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
|
|
|
f67e08 |
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile)
|
|
|
f67e08 |
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
|
|
|
f67e08 |
+#else
|
|
|
f67e08 |
+# define SSL_CTX_use_cert(ssl_ctx, certfile) \
|
|
|
f67e08 |
+ SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM)
|
|
|
f67e08 |
+# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
|
|
|
f67e08 |
+#endif
|
|
|
f67e08 |
|
|
|
f67e08 |
/* get the certificate file */
|
|
|
f67e08 |
if (bitset(TLS_S_CERT_OK, status) &&
|
|
|
f67e08 |
- SSL_CTX_use_certificate_file(*ctx, certfile,
|
|
|
f67e08 |
- SSL_FILETYPE_PEM) <= 0)
|
|
|
f67e08 |
+ SSL_CTX_use_cert(*ctx, certfile) <= 0)
|
|
|
f67e08 |
{
|
|
|
f67e08 |
if (LogLevel > 7)
|
|
|
f67e08 |
{
|
|
|
f67e08 |
sm_syslog(LOG_WARNING, NOQID,
|
|
|
f67e08 |
- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
|
|
|
f67e08 |
- who, certfile);
|
|
|
f67e08 |
+ "STARTTLS=%s, error: %s(%s) failed",
|
|
|
f67e08 |
+ who, SSL_CTX_USE_CERT, certfile);
|
|
|
f67e08 |
if (LogLevel > 9)
|
|
|
f67e08 |
tlslogerr(LOG_WARNING, who);
|
|
|
f67e08 |
}
|
|
|
f67e08 |
@@ -914,13 +922,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
|
|
f67e08 |
|
|
|
f67e08 |
/* get the certificate file */
|
|
|
f67e08 |
if (bitset(TLS_S_CERT2_OK, status) &&
|
|
|
f67e08 |
- SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0)
|
|
|
f67e08 |
+ SSL_CTX_use_cert(*ctx, cf2) <= 0)
|
|
|
f67e08 |
{
|
|
|
f67e08 |
if (LogLevel > 7)
|
|
|
f67e08 |
{
|
|
|
f67e08 |
sm_syslog(LOG_WARNING, NOQID,
|
|
|
f67e08 |
- "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
|
|
|
f67e08 |
- who, cf2);
|
|
|
f67e08 |
+ "STARTTLS=%s, error: %s(%s) failed",
|
|
|
f67e08 |
+ who, SSL_CTX_USE_CERT, cf2);
|
|
|
f67e08 |
if (LogLevel > 9)
|
|
|
f67e08 |
tlslogerr(LOG_WARNING, who);
|
|
|
f67e08 |
}
|