From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Aug 2022 06:31:25 +0000 (+0200)
Subject: OpenSSL generate_host_certificate(): Use X509_get_subject_name()
X-Git-Tag: v_3_0_34~63
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/developer-manual/@default-cgi@/static/@default-cgi@edit-actions?a=commitdiff_plain;h=b574731be3564ad383b96642877ee66c7e7917fb;p=privoxy.git

OpenSSL generate_host_certificate(): Use X509_get_subject_name()

... instead of X509_get_issuer_name() to get the issuer for generated
website certificates so there are no warnings in the browser when using
an intermediate CA certificate instead of a self-signed root certificate.

Problem reported and patch submitted by Chakib Benziane.
---

diff --git a/openssl.c b/openssl.c
index 685995f7..fca23106 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1986,7 +1986,7 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-   issuer_name = X509_get_issuer_name(issuer_cert);
+   issuer_name = X509_get_subject_name(issuer_cert);
 
    /*
     * Loading keys from file or from buffer