Not skip first cert when using OpenSslClientContext

Motivation: Due a copy and paste error we incorrectly skipped the first cert in the keyCertChainFile when using OpenSslClientContext. Modifications: Correctly not skip the first cert. Result: The certificate chain is correctly setup when using OpenSslClientContext.
guopengdreams · Jun 10, 2015 · afe3a3a · afe3a3a
1 parent 95e7c7a
commit afe3a3a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
@@ -184,8 +184,8 @@ public OpenSslClientContext(File trustCertChainFile, TrustManagerFactory trustMa
             }
             synchronized (OpenSslContext.class) {
                 if (trustCertChainFile != null) {
-                    /* Load the certificate chain. We must skip the first cert when server mode */
-                    if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), true)) {
+                    /* Load the certificate chain. We must NOT skip the first cert when client mode */
+                    if (!SSLContext.setCertificateChainFile(ctx, trustCertChainFile.getPath(), false)) {
                         long error = SSL.getLastErrorNumber();
                         if (OpenSsl.isError(error)) {
                             throw new SSLException(