Option to set current cert to server certificate.

(cherry picked from commit daddd9a950e491c31f9500d5e570bc7eb96b2823)
author: Dr. Stephen Henson <steve@openssl.org> 2014-02-21 19:42:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-02-23 13:49:21 +0000
commit: 58b86e4235cd420f607819727d372af9f7a80224 (patch)
tree: a9dae8d7eb4c5fb07d7b8914d1b789b8860de420 /ssl/s3_lib.c
parent: a466be6243b54cf26bbdbd6c9b9c48ad75b18a09 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 72ef809fed..f02bb7613d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3432,6 +3432,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		return ssl_cert_select_current(s->cert, (X509 *)parg);
 
 	case SSL_CTRL_SET_CURRENT_CERT:
+		if (larg == SSL_CERT_SET_SERVER)
+			{
+			CERT_PKEY *cpk;
+			const SSL_CIPHER *cipher;
+			if (!s->server)
+				return 0;
+			cipher = s->s3->tmp.new_cipher;
+			if (!cipher)
+				return 0;
+			/* No certificate for unauthenticated ciphersuites */
+			if (cipher->algorithm_auth & SSL_aNULL)
+				return 2;
+			cpk = ssl_get_server_send_pkey(s);
+			if (!cpk)
+				return 0;
+			s->cert->key = cpk;
+			return 1;
+			}
 		return ssl_cert_set_current(s->cert, larg);
 
 #ifndef OPENSSL_NO_EC
author	Dr. Stephen Henson <steve@openssl.org>	2014-02-21 19:42:03 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-02-23 13:49:21 +0000
commit	58b86e4235cd420f607819727d372af9f7a80224 (patch)
tree	a9dae8d7eb4c5fb07d7b8914d1b789b8860de420 /ssl/s3_lib.c
parent	a466be6243b54cf26bbdbd6c9b9c48ad75b18a09 (diff)