Backport support for fixed DH ciphersuites (from HEAD)

2012-04-06 11:33:12 +00:00
parent 8cd2ea552e
commit 0ffa49970b
10 changed files with 119 additions and 52 deletions
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -590,6 +590,18 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 		{
 		ret = SSL_PKEY_GOST01;
 		}
+	else if (x && i == EVP_PKEY_DH)
+		{
+		/* For DH two cases: DH certificate signed with RSA and
+		 * DH certificate signed with DSA.
+		 */
+		i = X509_certificate_type(x, pk);
+		if (i & EVP_PKS_RSA)
+			ret = SSL_PKEY_DH_RSA;
+		else if (i & EVP_PKS_DSA)
+			ret = SSL_PKEY_DH_DSA;
+		}
+		
 err:
 	if(!pkey) EVP_PKEY_free(pk);
 	return(ret);