Copy negotiated parameters in SSL_set_SSL_CTX.
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the supported signature algorithms and raw cipherlist. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 14e14bf6964965d02ce89805d9de867f000095aa)
This commit is contained in:
Dr. Stephen Henson
parent
51695b98f1
commit
1ce95f1960
@ -3184,15 +3184,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
|
||||
|
||||
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
|
||||
{
|
||||
CERT *ocert = ssl->cert;
|
||||
if (ssl->ctx == ctx)
|
||||
return ssl->ctx;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (ctx == NULL)
|
||||
ctx = ssl->initial_ctx;
|
||||
#endif
|
||||
if (ssl->cert != NULL)
|
||||
ssl_cert_free(ssl->cert);
|
||||
ssl->cert = ssl_cert_dup(ctx->cert);
|
||||
if (ocert)
|
||||
{
|
||||
/* Preserve any already negotiated parameters */
|
||||
if (ssl->server)
|
||||
{
|
||||
ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
|
||||
ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
|
||||
ocert->peer_sigalgs = NULL;
|
||||
ssl->cert->ciphers_raw = ocert->ciphers_raw;
|
||||
ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
|
||||
ocert->ciphers_raw = NULL;
|
||||
}
|
||||
ssl_cert_free(ocert);
|
||||
}
|
||||
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
|
||||
if (ssl->ctx != NULL)
|
||||
SSL_CTX_free(ssl->ctx); /* decrement reference count */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user