load intermediate cert from certfile

This is required for public certificates as many servers will be unable to verify the certificate if a partial chain is presented.
Changing `SSL_CTX_use_certificate_file` to `SSL_CTX_use_certificate_chain_file` fixes this issue since now the certificate and intermediate can be loaded from the same file.
This reflects behaviour of other software including popular webservers.
Furthermore the use of `SSL_CTX_use_certificate_chain_file` is suggested by the corresponding OpenSSL man page.

Signed-off-by: benaryorg <binary@benary.org>

THANKS

@@ -5,6 +5,7 @@ Andrew Ryder
 Andrew Widdersheim
 Bartosz Woronicz
 Bas Couwenberg
+benaryorg
 Bill Mitchell
 Bjoern Beutel
 Brian Seklecki
@@ -51,4 +52,4 @@ Subhendu Ghosh
 Sven Nierlein
 Thierry Bertaud
 Ton Voon
-Vadim Antipov
+Vadim Antipov

src/check_nrpe.c

@@ -970,7 +970,7 @@ void setup_ssl()
 		SSL_CTX_set_options(ctx, ssl_opts);
 
 		if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
-			if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
+			if (!SSL_CTX_use_certificate_chain_file(ctx, sslprm.cert_file)) {
 				printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
 				while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
 					printf("Error: could not use certificate file '%s': %s\n", sslprm.cert_file, ERR_reason_error_string(x));

src/nrpe.c

@@ -421,7 +421,7 @@ void init_ssl(void)
 	SSL_CTX_set_options(ctx, ssl_opts);
 
 	if (sslprm.cert_file != NULL) {
-		if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
+		if (!SSL_CTX_use_certificate_chain_file(ctx, sslprm.cert_file)) {
 			SSL_CTX_free(ctx);
 			while ((x = ERR_get_error()) != 0) {
 				ERR_error_string(x, errstr);