Fix excert logic.

If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/apps/s_cb.c b/apps/s_cb.c
index ed877af1220e9d4da16e45987c8339d54187f8bb..c6c721ebe1abe34a32b46f4c670c4efd87dd636c 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1402,9 +1402,15 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                if (!exc->cert)
                        return 0;
                if (exc->keyfile)
-                       exc->keyfile = exc->certfile;
-               exc->key = load_key(err, exc->certfile, exc->certform, 0,
-                                       NULL, NULL, "Server Certificate");
+                       {
+                       exc->key = load_key(err, exc->keyfile, exc->keyform,
+                                           0, NULL, NULL, "Server Key");
+                       }
+               else
+                       {
+                       exc->key = load_key(err, exc->certfile, exc->certform,
+                                           0, NULL, NULL, "Server Key");
+                       }
                if (!exc->key)
                        return 0;
                if (exc->chainfile)
@@ -1413,7 +1419,7 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                                                exc->chainfile, FORMAT_PEM,
                                                NULL, NULL,
                                                "Server Chain");
-                       if (!exc->chainfile)
+                       if (!exc->chain)
                                return 0;
                        }
                }