generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only set current certificate to valid values.

Browse Source 
When setting the current certificate check that it has a corresponding
private key.
This commit is contained in:
Dr. Stephen Henson
2014-02-23 13:46:52 +00:00
parent 13dc3ce9ab
commit 358d352aa2
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/ssl_cert.c
View File

@@ -606,18 +606,20 @@ int ssl_cert_select_current(CERT *c, X509 *x)
return 0; return 0;
for (i = 0; i < SSL_PKEY_NUM; i++) for (i = 0; i < SSL_PKEY_NUM; i++)
{ {
if (c->pkeys[i].x509 == x) CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 == x && cpk->privatekey)
{ {
c->key = &c->pkeys[i]; c->key = cpk;
return 1; return 1;
} }
} }
for (i = 0; i < SSL_PKEY_NUM; i++) for (i = 0; i < SSL_PKEY_NUM; i++)
{ {
if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x)) CERT_PKEY *cpk = c->pkeys + i;
if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x))
{ {
c->key = &c->pkeys[i]; c->key = cpk;
return 1; return 1;
} }
} }
@@ -641,9 +643,10 @@ int ssl_cert_set_current(CERT *c, long op)
return 0; return 0;
for (i = idx; i < SSL_PKEY_NUM; i++) for (i = idx; i < SSL_PKEY_NUM; i++)
{ {
if (c->pkeys[i].x509) CERT_PKEY *cpk = c->key + i;
if (cpk->x509 && cpk->privatekey)
{ {
c->key = &c->pkeys[i]; c->key = cpk;
return 1; return 1;
} }
} }