From bf476e78700b3e6e6ec06a3448d437ac51e5048a Mon Sep 17 00:00:00 2001
From: Mo Chen
Date: Thu, 3 Nov 2022 19:21:58 -0500
Subject: [PATCH] Fix Loading Client Certificate Chain

Client certificate chain loading was using the wrong OpenSSL API, causing the chain to be loaded incorrectly.
---
 iocore/net/SSLConfig.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 29b2fcfb877..6d34998d396 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -834,7 +834,7 @@ SSLConfigParams::getCTX(const std::string &client_cert, const std::string &key_f
 // Continue to fetch certs to associate intermediate certificates
 cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr);
 while (cert) {
- if (!SSL_CTX_use_certificate(client_ctx.get(), cert)) {
+ if (!SSL_CTX_add_extra_chain_cert(client_ctx.get(), cert)) {
 SSLError("failed to attach client chain certificate from %s", client_cert.c_str());
 goto fail;
 }
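Review bot: The ownership contract of `cert` changes with the new call inside the `while (cert)` loop: `SSL_CTX_use_certificate` takes its own reference, whereas `SSL_CTX_add_extra_chain_cert` takes over the caller's reference on success and the caller must not free it afterwards. The loop body continues outside the hunk, so this cannot be confirmed here, but if it still calls `X509_free(cert)` after a successful add, the context is left holding a freed certificate (use-after-free during a handshake, double free at teardown). Either drop that free or use `SSL_CTX_add1_chain_cert(client_ctx.get(), cert)`, which up-refs and keeps the existing free correct. On the failure branch ownership stays with the caller, so `cert` should be released before `goto fail` unless the `fail:` label already does that. A comment above the call would pin the contract down: `// add_extra_chain_cert takes ownership of cert on success; do not X509_free it`.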