Allow match selecting of current certificate.

If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available. (cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
author: Dr. Stephen Henson <steve@openssl.org> 2013-11-13 22:57:11 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-11-13 23:47:49 +0000
commit: ff0bdbed85bc8df4a05c34298a03444e215fd05c (patch)
tree: 44bc5e370e009baef049d70b94b93efd85bdbbfe /ssl/ssl_cert.c
parent: dc4bdf592f2865197312ebf7aee2c1d0a1e30b4f (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a4550ed2d3..e6234eba88 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -624,6 +624,8 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 int ssl_cert_select_current(CERT *c, X509 *x)
 	{
 	int i;
+	if (x == NULL)
+		return 0;
 	for (i = 0; i < SSL_PKEY_NUM; i++)
 		{
 		if (c->pkeys[i].x509 == x)
@@ -632,6 +634,15 @@ int ssl_cert_select_current(CERT *c, X509 *x)
 			return 1;
 			}
 		}
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
 	return 0;
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2013-11-13 22:57:11 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-11-13 23:47:49 +0000
commit	ff0bdbed85bc8df4a05c34298a03444e215fd05c (patch)
tree	44bc5e370e009baef049d70b94b93efd85bdbbfe /ssl/ssl_cert.c
parent	dc4bdf592f2865197312ebf7aee2c1d0a1e30b4f (diff)