diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-06 11:33:12 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-06 11:33:12 +0000 |
commit | 0ffa49970b9f8ea66b43ce2eb7f8fd523b65bc2c (patch) | |
tree | 916ed4cced31cec4dd4e0728155451458c514d73 /ssl/ssl_rsa.c | |
parent | 8cd2ea552e3c6b0cc34e20959daae01b53f03bd7 (diff) |
Backport support for fixed DH ciphersuites (from HEAD)
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index c0960b5712..b7c19051e9 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -182,8 +182,23 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { int i; - - i=ssl_cert_type(NULL,pkey); + /* Special case for DH: check two DH certificate types for a match. + * This means for DH certificates we must set the certificate first. + */ + if (pkey->type == EVP_PKEY_DH) + { + X509 *x; + i = -1; + x = c->pkeys[SSL_PKEY_DH_RSA].x509; + if (x && X509_check_private_key(x, pkey)) + i = SSL_PKEY_DH_RSA; + x = c->pkeys[SSL_PKEY_DH_DSA].x509; + if (i == -1 && x && X509_check_private_key(x, pkey)) + i = SSL_PKEY_DH_DSA; + ERR_clear_error(); + } + else + i=ssl_cert_type(NULL,pkey); if (i < 0) { SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); |