Dear all,
I'm writing with reference to an issue which came up sometime last
year on the general mailing list which I found when I encountered
the same problem recently.
(Re: http://lists.gnu.org/archive/html/monit-general/2008-05/msg00042.html)
When Monit is run with a chained SSL certificate, the HTTP server
only serves the server digital certificate, but not the rest of the
chain, causing browsers to produce an error. I have attached a patch
below that should address this problem.
Index: ssl.c
===================================================================
--- ssl.c (revision 15)
+++ ssl.c (working copy)
@@ -351,8 +351,7 @@
goto sslerror;
}
- if(SSL_CTX_use_certificate_file(ssl_server->ctx, pemfile,
- SSL_FILETYPE_PEM) != 1) {
+ if(SSL_CTX_use_certificate_chain_file(ssl_server->ctx, pemfile) !
= 1) {
LogError("%s: Cannot initialize SSL server certificate -- %s\n",
prog, SSLERROR);
goto sslerror;
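Review bot: The added `SSL_CTX_use_certificate_chain_file(ssl_server->ctx, pemfile)` line is broken across two lines so that `!=` reads `!` then `= 1`, which looks like mail-client wrapping. As posted, the hunk will not apply cleanly or compile, so please resend it as an attachment or with line wrapping disabled. Separately, this call reads PEM only and expects the server certificate first in the file, followed by the intermediate CA certificates in order up the chain. The documentation for the file passed as pemfile should state that ordering, and the LogError text could mention the chain so that a misordered file is easier to diagnose.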
I have tested this in a rudimentary manner - I built monit with this
patch applied, verified that it still accepts non-chained
certificates, and that it also accepts my chained certificate
successfully and serves it correctly to Firefox. Please let me know
if there are other tests that should be run before I submit this
again. Thank you!
Best regards
Lawrence
_______________________________________________
monit-dev mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/monit-dev