Call OCSP Stapling callback after ciphersuite has been chosen, so the

right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836.
author: Ben Laurie <ben@openssl.org> 2012-09-11 12:00:25 +0000
committer: Ben Laurie <ben@openssl.org> 2012-09-11 12:00:25 +0000
commit: da8512aaffe3580e3701198ef9eba2471c5edbc2 (patch)
tree: c4ad5504ae75748ad5b9decc4a8287eafd48524b /ssl/ssl_lib.c
parent: d46a1a6178672531247974d3753439850fe2c91d (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 617526a66d..555a630b1b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2320,7 +2320,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-static int ssl_get_server_cert_index(SSL *s)
+static int ssl_get_server_cert_index(const SSL *s)
 	{
  	unsigned long alg_k, alg_a;
 
@@ -2371,7 +2371,7 @@ static int ssl_get_server_cert_index(SSL *s)
 		}
 	}
 
-CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
 	{
 	CERT *c;
 	int i;
@@ -2840,6 +2840,14 @@ void ssl_clear_cipher_ctx(SSL *s)
 /* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
 	{
+	if (s->server)
+		{
+		CERT_PKEY *certpkey;
+		certpkey = ssl_get_server_send_pkey(s);
+		if (certpkey && certpkey->x509)
+			return certpkey->x509;
+		}
+
 	if (s->cert != NULL)
 		return(s->cert->key->x509);
 	else
author	Ben Laurie <ben@openssl.org>	2012-09-11 12:00:25 +0000
committer	Ben Laurie <ben@openssl.org>	2012-09-11 12:00:25 +0000
commit	da8512aaffe3580e3701198ef9eba2471c5edbc2 (patch)
tree	c4ad5504ae75748ad5b9decc4a8287eafd48524b /ssl/ssl_lib.c
parent	d46a1a6178672531247974d3753439850fe2c91d (diff)