OpenSSL generate_host_certificate(): Use X509_get_subject_name()
authorFabian Keil <fk@fabiankeil.de>
Tue, 9 Aug 2022 06:31:25 +0000 (08:31 +0200)
committerFabian Keil <fk@fabiankeil.de>
Sun, 2 Oct 2022 07:47:48 +0000 (09:47 +0200)
... instead of X509_get_issuer_name() to get the issuer for generated
website certificates so there are no warnings in the browser when using
an intermediate CA certificate instead of a self-signed root certificate.

Problem reported and patch submitted by Chakib Benziane.

openssl.c

index 685995f..fca2310 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -1986,7 +1986,7 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-   issuer_name = X509_get_issuer_name(issuer_cert);
+   issuer_name = X509_get_subject_name(issuer_cert);
 
    /*
     * Loading keys from file or from buffer