diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-09-11 13:34:08 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-09-11 13:34:08 +0000 |
commit | e5db9c3b67deb80e274f66e3832a9cfba931670c (patch) | |
tree | bd404aa6462b255b48eebc067dce714d803bd1db /ssl/t1_lib.c | |
parent | 2daceb0342c8ca3514f37796e7f983e232d63f2a (diff) |
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 254221bcf9..31b3bd75c7 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2755,6 +2755,18 @@ int ssl_check_clienthello_tlsext_late(SSL *s) if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) { int r; + CERT_PKEY *certpkey; + certpkey = ssl_get_server_send_pkey(s); + /* If no certificate can't return certificate status */ + if (certpkey == NULL) + { + s->tlsext_status_expected = 0; + return 1; + } + /* Set current certificate to one we will use so + * SSL_get_certificate et al can pick it up. + */ + s->cert->key = certpkey; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); switch (r) { |