Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work. Note for 1.0.1 and earlier also includes backport of the function ssl_get_server_send_pkey.
This commit is contained in:
Dr. Stephen Henson
12
ssl/t1_lib.c
12
ssl/t1_lib.c
@@ -1871,6 +1871,18 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
|
||||
if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
|
||||
{
|
||||
int r;
|
||||
CERT_PKEY *certpkey;
|
||||
certpkey = ssl_get_server_send_pkey(s);
|
||||
/* If no certificate can't return certificate status */
|
||||
if (certpkey == NULL)
|
||||
{
|
||||
s->tlsext_status_expected = 0;
|
||||
return 1;
|
||||
}
|
||||
/* Set current certificate to one we will use so
|
||||
* SSL_get_certificate et al can pick it up.
|
||||
*/
|
||||
s->cert->key = certpkey;
|
||||
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
|
||||
switch (r)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user