Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate

change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work. Note for 1.0.1 and earlier also includes backport of the function ssl_get_server_send_pkey.
author: Dr. Stephen Henson <steve@openssl.org> 2012-09-21 14:01:59 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-09-21 14:01:59 +0000
commit: 353e845120045f87ca0bc850d345caa0f853d70d (patch)
tree: 2cad6aed1cf3080479e14e1df1cc428f19a00d31 /ssl/t1_lib.c
parent: d1451f18d9f447ccd26f2c80aad9750756727915 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc5be972d5..28eec44566 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1871,6 +1871,18 @@ int ssl_check_clienthello_tlsext_late(SSL *s)
 	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
 		{
 		int r;
+		CERT_PKEY *certpkey;
+		certpkey = ssl_get_server_send_pkey(s);
+		/* If no certificate can't return certificate status */
+		if (certpkey == NULL)
+			{
+			s->tlsext_status_expected = 0;
+			return 1;
+			}
+		/* Set current certificate to one we will use so
+		 * SSL_get_certificate et al can pick it up.
+		 */
+		s->cert->key = certpkey;
 		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
 		switch (r)
 			{
author	Dr. Stephen Henson <steve@openssl.org>	2012-09-21 14:01:59 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-09-21 14:01:59 +0000
commit	353e845120045f87ca0bc850d345caa0f853d70d (patch)
tree	2cad6aed1cf3080479e14e1df1cc428f19a00d31 /ssl/t1_lib.c
parent	d1451f18d9f447ccd26f2c80aad9750756727915 (diff)