generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only set current certificate to valid values.

Browse Source 
When setting the current certificate check that it has a corresponding
private key.
(cherry picked from commit 358d352aa244b4f2ef655bccff6658d92d5ce03c)
This commit is contained in:
Dr. Stephen Henson 2014-02-23 13:46:52 +00:00
parent c5ea65b157
commit c3f5d3d93a
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/ssl_cert.c
View File

@ -627,18 +627,20 @@ int ssl_cert_select_current(CERT *c, X509 *x)
return 0;
for (i = 0; i < SSL_PKEY_NUM; i++)
{
if (c->pkeys[i].x509 == x)
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 == x && cpk->privatekey)
{
c->key = &c->pkeys[i];
c->key = cpk;
return 1;
}
}
for (i = 0; i < SSL_PKEY_NUM; i++)
{
if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x))
{
c->key = &c->pkeys[i];
c->key = cpk;
return 1;
}
}
@ -662,9 +664,10 @@ int ssl_cert_set_current(CERT *c, long op)
return 0;
for (i = idx; i < SSL_PKEY_NUM; i++)
{
if (c->pkeys[i].x509)
CERT_PKEY *cpk = c->key + i;
if (cpk->x509 && cpk->privatekey)
{
c->key = &c->pkeys[i];
c->key = cpk;
return 1;
}
}