From 05fb5e583be589ab63d9f83d986d095639f8ec44 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 21 Oct 2018 19:53:02 -0700 Subject: [PATCH] Reverse chain loading for openssl The stack is the reverse of what you might expect due to the way PKCS12_parse is implemented, so we need to load it backwards. Closes #110 --- Cargo.toml | 2 +- src/imp/openssl.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 450811ab..36fff295 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,7 +24,7 @@ log = "0.4.5" schannel = "0.1.13" [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] -openssl = "0.10.11" +openssl = "0.10.15" openssl-sys = "0.9.30" openssl-probe = "0.1" diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs index 105aaf53..6850c579 100644 --- a/src/imp/openssl.rs +++ b/src/imp/openssl.rs @@ -255,7 +255,7 @@ impl TlsConnector { connector.set_certificate(&(identity.0).0.cert)?; connector.set_private_key(&(identity.0).0.pkey)?; if let Some(ref chain) = (identity.0).0.chain { - for cert in chain { + for cert in chain.iter().rev() { connector.add_extra_chain_cert(cert.to_owned())?; } } @@ -304,7 +304,7 @@ impl TlsAcceptor { acceptor.set_private_key(&(builder.identity.0).0.pkey)?; acceptor.set_certificate(&(builder.identity.0).0.cert)?; if let Some(ref chain) = (builder.identity.0).0.chain { - for cert in chain { + for cert in chain.iter().rev() { acceptor.add_extra_chain_cert(cert.to_owned())?; } }