diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-09 00:23:34 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-10-24 14:01:01 +0100 |
commit | 1ce95f19601bbc6bfd24092c76c8f8105124e857 (patch) | |
tree | d388297b53b43083922c4d71a2919188a699552c | |
parent | 51695b98f128f8e091256c601266b1dd4fb731bd (diff) |
Copy negotiated parameters in SSL_set_SSL_CTX.
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the
supported signature algorithms and raw cipherlist.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 14e14bf6964965d02ce89805d9de867f000095aa)
-rw-r--r-- | ssl/ssl_lib.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e336a56dbe..22a210e90f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3184,15 +3184,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { + CERT *ocert = ssl->cert; if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; #endif - if (ssl->cert != NULL) - ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + if (ocert) + { + /* Preserve any already negotiated parameters */ + if (ssl->server) + { + ssl->cert->peer_sigalgs = ocert->peer_sigalgs; + ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen; + ocert->peer_sigalgs = NULL; + ssl->cert->ciphers_raw = ocert->ciphers_raw; + ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; + ocert->ciphers_raw = NULL; + } + ssl_cert_free(ocert); + } CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ |