diff options
author | Ben Laurie <ben@openssl.org> | 2012-09-11 12:00:25 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2012-09-11 12:00:25 +0000 |
commit | da8512aaffe3580e3701198ef9eba2471c5edbc2 (patch) | |
tree | c4ad5504ae75748ad5b9decc4a8287eafd48524b /ssl/ssl_lib.c | |
parent | d46a1a6178672531247974d3753439850fe2c91d (diff) |
Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent. See
http://rt.openssl.org/Ticket/Display.html?id=2836.
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 617526a66d..555a630b1b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2320,7 +2320,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) #endif /* THIS NEEDS CLEANING UP */ -static int ssl_get_server_cert_index(SSL *s) +static int ssl_get_server_cert_index(const SSL *s) { unsigned long alg_k, alg_a; @@ -2371,7 +2371,7 @@ static int ssl_get_server_cert_index(SSL *s) } } -CERT_PKEY *ssl_get_server_send_pkey(SSL *s) +CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) { CERT *c; int i; @@ -2840,6 +2840,14 @@ void ssl_clear_cipher_ctx(SSL *s) /* Fix this function so that it takes an optional type parameter */ X509 *SSL_get_certificate(const SSL *s) { + if (s->server) + { + CERT_PKEY *certpkey; + certpkey = ssl_get_server_send_pkey(s); + if (certpkey && certpkey->x509) + return certpkey->x509; + } + if (s->cert != NULL) return(s->cert->key->x509); else |