diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 13:46:52 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-02-23 13:49:21 +0000 |
commit | c3f5d3d93ac81c2866a739f1981d948e6aba1fde (patch) | |
tree | 2236895e43d006197b70ca2ea373c5f96f242342 /ssl/ssl_cert.c | |
parent | c5ea65b157e17743c881b9e348524b0281b3d39f (diff) |
Only set current certificate to valid values.
When setting the current certificate check that it has a corresponding
private key.
(cherry picked from commit 358d352aa244b4f2ef655bccff6658d92d5ce03c)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f518d37727..6ccf755f7a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -627,18 +627,20 @@ int ssl_cert_select_current(CERT *c, X509 *x) return 0; for (i = 0; i < SSL_PKEY_NUM; i++) { - if (c->pkeys[i].x509 == x) + CERT_PKEY *cpk = c->pkeys + i; + if (cpk->x509 == x && cpk->privatekey) { - c->key = &c->pkeys[i]; + c->key = cpk; return 1; } } for (i = 0; i < SSL_PKEY_NUM; i++) { - if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x)) + CERT_PKEY *cpk = c->pkeys + i; + if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) { - c->key = &c->pkeys[i]; + c->key = cpk; return 1; } } @@ -662,9 +664,10 @@ int ssl_cert_set_current(CERT *c, long op) return 0; for (i = idx; i < SSL_PKEY_NUM; i++) { - if (c->pkeys[i].x509) + CERT_PKEY *cpk = c->key + i; + if (cpk->x509 && cpk->privatekey) { - c->key = &c->pkeys[i]; + c->key = cpk; return 1; } } |