From b574731be3564ad383b96642877ee66c7e7917fb Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Aug 2022 08:31:25 +0200
Subject: [PATCH] OpenSSL generate_host_certificate(): Use
 X509_get_subject_name()

... instead of X509_get_issuer_name() to get the issuer for generated
website certificates so there are no warnings in the browser when using
an intermediate CA certificate instead of a self-signed root certificate.

Problem reported and patch submitted by Chakib Benziane.
---
 openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openssl.c b/openssl.c
index 685995f7..fca23106 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1986,7 +1986,7 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-   issuer_name = X509_get_issuer_name(issuer_cert);
+   issuer_name = X509_get_subject_name(issuer_cert);
 
    /*
     * Loading keys from file or from buffer
-- 
2.39.2