generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backport support for fixed DH ciphersuites (from HEAD)

Browse Source
This commit is contained in:
Dr. Stephen Henson
2012-04-06 11:33:12 +00:00
parent 8cd2ea552e
commit 0ffa49970b
10 changed files with 119 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ssl/ssl_rsa.c
View File

@@ -182,8 +182,23 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
i=ssl_cert_type(NULL,pkey);
/* Special case for DH: check two DH certificate types for a match.
* This means for DH certificates we must set the certificate first.
*/
if (pkey->type == EVP_PKEY_DH)
{
X509 *x;
i = -1;
x = c->pkeys[SSL_PKEY_DH_RSA].x509;
if (x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_RSA;
x = c->pkeys[SSL_PKEY_DH_DSA].x509;
if (i == -1 && x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_DSA;
ERR_clear_error();
}
else
i=ssl_cert_type(NULL,pkey);
if (i < 0)
{
SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);