From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Mon, 20 Feb 2012 13:58:33 +0000 (+0100)
Subject: lighttpd/stdin.nl: Explicitly specify a ca-file for https
X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fservers%2Fdrsnuggles.git;a=commitdiff_plain;h=554023e3ee2c57f97c61eca5ce2f000fdf417850

lighttpd/stdin.nl: Explicitly specify a ca-file for https

Without this, the intermediate certificate would not be sent. This only
affected clients that support SNI, since the fallback SSL configuration
(used for non-SNI browsers) did have an explicit ca-file configuration.
---

diff --git a/etc/lighttpd/vhosts/stdin-nl b/etc/lighttpd/vhosts/stdin-nl
index 56698f9..f778be9 100644
--- a/etc/lighttpd/vhosts/stdin-nl
+++ b/etc/lighttpd/vhosts/stdin-nl
@@ -24,6 +24,7 @@ $HTTP["host"] =~ ".stdin.nl$" {
 	$HTTP["host"] == "mail.stdin.nl" {
 		# Specify the certificate for this domain (uses SNI)
 		ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem" 
+		ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
 		# Redirect HTTP to HTTPS
 		$HTTP["scheme"] == "http" {
 		    url.redirect = ( "^(.*)" => "https://mail.stdin.nl$1" )