FS-6174 --resolve after updating to this revision, put ca-bundle.crt in…

FS-6174 --resolve after updating to this revision, put ca-bundle.crt in /usr/local/freeswitch/certs to get chain cert in place for both dtls and wss

libs/sofia-sip/.update

-Sun Jan 26 07:59:10 UTC 2014
+Fri Jan 31 20:16:45 CDT 2014

libs/sofia-sip/libsofia-sip-ua/tport/tport_type_ws.c

@@ -338,6 +338,7 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
   tport_ws_primary_t *wspri = (tport_ws_primary_t *)pri;
   const char *cert = "/ssl.pem";
   const char *key = "/ssl.pem";
+  const char *chain = NULL;
   char *homedir;
   char *tbf = NULL;
   su_home_t autohome[SU_HOME_AUTO_SIZE(1024)];
@@ -361,11 +362,13 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
     key  = su_sprintf(autohome, "%s/%s", path, "wss.key");
 	if (access(key, R_OK) != 0) key = NULL;
 	cert = su_sprintf(autohome, "%s/%s", path, "wss.crt");
+	chain = su_sprintf(autohome, "%s/%s", path, "ca-bundle.crt");
 	if (access(cert, R_OK) != 0) cert = NULL;
 	if ( !key )  key  = su_sprintf(autohome, "%s/%s", path, "wss.pem");
 	if ( !cert ) cert = su_sprintf(autohome, "%s/%s", path, "wss.pem");
 	if (access(key, R_OK) != 0) key = NULL;
 	if (access(cert, R_OK) != 0) cert = NULL;
+	if (access(chain, R_OK) != 0) chain = NULL;
   }
 
   init_ssl();
@@ -379,6 +382,10 @@ static int tport_ws_init_primary_secure(tport_primary_t *pri,
 
   if ( !wspri->ssl_ctx ) goto done;
 
+  if (chain) {
+	  SSL_CTX_use_certificate_chain_file(wspri->ssl_ctx, chain);
+  }
+
   /* set the local certificate from CertFile */
   SSL_CTX_use_certificate_file(wspri->ssl_ctx, cert, SSL_FILETYPE_PEM);
   /* set the private key from KeyFile */