authorBen Laurie <ben@links.org>2015-09-12 17:17:33 +0100
committerBen Laurie <ben@links.org>2015-12-11 18:38:38 +0000
commit94d61512360c4d16762a13e27fcad39ca4f5e506 (patch)
tree73f8502889654d1c575272a923a884cfd4657cb6 /ssl
parentea11c6e92090078319e606d5639b7a81bdd57897 (diff)
Make no-dh work, plus other no-dh problems found by Richard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c12
-rw-r--r--ssl/statem/statem_srvr.c4
2 files changed, 5 insertions, 11 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b6a73b9144..ee00741767 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4250,16 +4250,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
- CERT *cert;
-
- cert = ctx->cert;
-
switch (cmd) {
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new = NULL, *dh;
+ CERT *cert;
+ cert = ctx->cert;
dh = (DH *)parg;
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
DH_security_bits(dh), 0, dh)) {
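Review bot: The two added lines in the `SSL_CTRL_SET_TMP_DH` case declare `cert` and then assign it separately; a single initialised declaration, `CERT *cert = ctx->cert;`, is shorter and matches the form this commit uses in statem_srvr.c. Since `cert` is now scoped to this case block, any other case of ssl3_ctx_ctrl that referred to it would stop compiling. The rest of the switch is outside the hunk, so this is worth confirming with both a default build and a no-dh build.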
@@ -4464,15 +4462,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
- CERT *cert;
-
- cert = ctx->cert;
-
switch (cmd) {
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
- cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ cxt->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
#endif
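Review bot: The added assignment in the `SSL_CTRL_SET_TMP_DH_CB` case dereferences `cxt`, but the function's parameter is `ctx`, so this line does not compile when `OPENSSL_NO_DH` is not defined, i.e. in a build with DH enabled. It should read `ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;`. Because the line sits inside `#ifndef OPENSSL_NO_DH`, testing only the no-dh configuration will not catch it; compiling both configurations would. The switch in ssl3_ctx_callback_ctrl continues outside the hunk.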
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 3ccb28777e..51dcc9eee8 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1729,7 +1729,6 @@ int tls_construct_server_key_exchange(SSL *s)
int al, i;
unsigned long type;
int n;
- CERT *cert;
BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
@@ -1742,7 +1741,6 @@ int tls_construct_server_key_exchange(SSL *s)
}
type = s->s3->tmp.new_cipher->algorithm_mkey;
- cert = s->cert;
buf = s->init_buf;
@@ -1763,6 +1761,8 @@ int tls_construct_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_DH
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+ CERT *cert = s->cert;
+
if (s->cert->dh_tmp_auto) {
dhp = ssl_get_auto_dh(s);
if (dhp == NULL) {
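Review bot: The new local `cert` is declared on the first added line, yet the next statement still reads `s->cert->dh_tmp_auto`, so within the visible lines the variable is unused. Either write the condition as `if (cert->dh_tmp_auto) {`, or drop the declaration if nothing further down the DHE branch uses `cert`, which avoids an unused-variable warning. The branch body continues outside the hunk, so later uses cannot be confirmed from here. Any use of `cert` outside the `#ifndef OPENSSL_NO_DH` region of tls_construct_server_key_exchange would now also fail to compile, so that is worth checking.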