author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-09 00:23:34 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-10-24 13:46:37 +0100 |
commit | 14e14bf6964965d02ce89805d9de867f000095aa (patch) | |
tree | 2d196aafc04aa4a61a9ae4e0a43d2cd1bb1139fa /ssl | |
parent | c800c27a8c47c8e63254ec594682452c296f1e8e (diff) |
Copy negotiated parameters in SSL_set_SSL_CTX.
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI; keep the
supported signature algorithms and raw cipherlist.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d88e27db03..43204def33 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3209,15 +3209,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
 
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 {
+ CERT *ocert = ssl->cert;
 if (ssl->ctx == ctx)
 return ssl->ctx;
 #ifndef OPENSSL_NO_TLSEXT
 if (ctx == NULL)
 ctx = ssl->initial_ctx;
 #endif
- if (ssl->cert != NULL)
- ssl_cert_free(ssl->cert);
 ssl->cert = ssl_cert_dup(ctx->cert);
+ if (ocert)
+ {
+ /* Preserve any already negotiated parameters */
+ if (ssl->server)
+ {
+ ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
+ ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
+ ocert->peer_sigalgs = NULL;
+ ssl->cert->ciphers_raw = ocert->ciphers_raw;
+ ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
+ ocert->ciphers_raw = NULL;
+ }
+ ssl_cert_free(ocert);
+ }
 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 if (ssl->ctx != NULL)
 SSL_CTX_free(ssl->ctx); /* decrement reference count */ |
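Review bot: The result of `ssl_cert_dup(ctx->cert)` is not checked before the new `if (ssl->server)` branch writes through `ssl->cert`, so a failed duplication becomes a NULL dereference in the middle of an SNI context switch. Since the old CERT is now held in `ocert` until after the copy, the failure can be handled right after the dup without losing state: `if (ssl->cert == NULL) { ssl->cert = ocert; return NULL; }`. Whether existing callers cope with a NULL return is not visible here, and the body of SSL_set_SSL_CTX continues past the end of the hunk. It is also worth confirming that ssl_cert_dup leaves `peer_sigalgs` and `ciphers_raw` unset in the copy, because any buffer it had allocated there would be leaked by the pointer assignments.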