X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=00bf887fdbdd32b9fa8ed81b7bd8fd6a26f9d87b;hb=b5640316771fb776101cf6be8e6ae2ed5cf93d02;hp=f93db31c772a3b2edbb267554670a6ae11dcbc9e;hpb=349807608f31b20af01a342d0072bb92e0b036e2;p=openssl.git

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f93db31c77..00bf887fdb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -377,7 +377,12 @@ static int ssl_set_cert(CERT *c, X509 *x)
         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
         return 0;
     }
-
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
     if (c->pkeys[i].privatekey != NULL) {
         /*
          * The return code from EVP_PKEY_copy_parameters is deliberately