diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-13 16:32:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-15 02:23:54 +0000 |
commit | f365a3e2e552e36f5c885953f5a361267f0d06c6 (patch) | |
tree | 04f1ecc586a4d91779bb9c26664bcec3388aca3b /ssl/s3_lib.c | |
parent | 0972bc5cedfb3c8dcf7eae3ab010ed3b47a6f186 (diff) |
Use cert_index and sigalg
Now the certificate and signature algorithm is set in one place we
can use it directly insetad of recalculating it. The old functions
ssl_get_server_send_pkey() and ssl_get_server_cert_index() are no
longer required.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8065e15cb6..ac2e858e76 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3137,12 +3137,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CURRENT_CERT: if (larg == SSL_CERT_SET_SERVER) { - CERT_PKEY *cpk; const SSL_CIPHER *cipher; if (!s->server) return 0; cipher = s->s3->tmp.new_cipher; - if (!cipher) + if (cipher == NULL) return 0; /* * No certificate for unauthenticated ciphersuites or using SRP @@ -3150,10 +3149,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) */ if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) return 2; - cpk = ssl_get_server_send_pkey(s); - if (!cpk) + if (s->s3->tmp.cert_idx == -1) return 0; - s->cert->key = cpk; + s->cert->key = &s->cert->pkeys[s->s3->tmp.cert_idx]; return 1; } return ssl_cert_set_current(s->cert, larg); |