diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-21 19:42:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 13:49:21 +0000 |
commit | 58b86e4235cd420f607819727d372af9f7a80224 (patch) | |
tree | a9dae8d7eb4c5fb07d7b8914d1b789b8860de420 /ssl/s3_lib.c | |
parent | a466be6243b54cf26bbdbd6c9b9c48ad75b18a09 (diff) |
Option to set current cert to server certificate.
(cherry picked from commit daddd9a950e491c31f9500d5e570bc7eb96b2823)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 72ef809fed..f02bb7613d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3432,6 +3432,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_select_current(s->cert, (X509 *)parg); case SSL_CTRL_SET_CURRENT_CERT: + if (larg == SSL_CERT_SET_SERVER) + { + CERT_PKEY *cpk; + const SSL_CIPHER *cipher; + if (!s->server) + return 0; + cipher = s->s3->tmp.new_cipher; + if (!cipher) + return 0; + /* No certificate for unauthenticated ciphersuites */ + if (cipher->algorithm_auth & SSL_aNULL) + return 2; + cpk = ssl_get_server_send_pkey(s); + if (!cpk) + return 0; + s->cert->key = cpk; + return 1; + } return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC |