Document certificate status request options.

[openssl.git] / ssl / s3_lib.c
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 72ef809fedc05ca0fb20a49fa98c4a4e4e7edd4c..a792edc1a47687be7d48c89b961e20ad241b397e 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -323,7 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -372,7 +372,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -420,7 +420,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -469,7 +469,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -517,7 +517,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -597,7 +597,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -682,7 +682,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -746,7 +746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_SSLV3,
         SSL_NOT_EXP|SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -1680,7 +1680,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2073,7 +2073,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2153,7 +2153,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2233,7 +2233,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2313,7 +2313,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2393,7 +2393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2437,13 +2437,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
         SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
         SSL_3DES,
         SSL_SHA1,
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2459,7 +2459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2475,7 +2475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_TLSV1,
         SSL_NOT_EXP|SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
+       112,
         168,
         },
  
@@ -2485,7 +2485,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
         SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
         SSL_AES128,
         SSL_SHA1,
         SSL_TLSV1,
@@ -2533,7 +2533,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
         SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
         SSL_AES256,
         SSL_SHA1,
         SSL_TLSV1,
@@ -3432,6 +3432,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 return ssl_cert_select_current(s->cert, (X509 *)parg);
  
         case SSL_CTRL_SET_CURRENT_CERT:
+               if (larg == SSL_CERT_SET_SERVER)
+                       {
+                       CERT_PKEY *cpk;
+                       const SSL_CIPHER *cipher;
+                       if (!s->server)
+                               return 0;
+                       cipher = s->s3->tmp.new_cipher;
+                       if (!cipher)
+                               return 0;
+                       /* No certificate for unauthenticated ciphersuites */
+                       if (cipher->algorithm_auth & SSL_aNULL)
+                               return 2;
+                       cpk = ssl_get_server_send_pkey(s);
+                       if (!cpk)
+                               return 0;
+                       s->cert->key = cpk;
+                       return 1;
+                       }
                 return ssl_cert_set_current(s->cert, larg);
  
  #ifndef OPENSSL_NO_EC