Error messages for client ECC cert verification.

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index e84dbf5aa6961ba857941350631cde9c136874cd..0fb959e35f91c1ee44c4cba30c2c7c3e44a51717 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -164,10 +164,6 @@
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 

-#ifndef OPENSSL_NO_ECDH
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-#endif
-

 static const SSL_METHOD *ssl3_get_client_method(int ver)
        {
        if (ver == SSL3_VERSION)
 static const SSL_METHOD *ssl3_get_client_method(int ver)
        {
        if (ver == SSL3_VERSION)


@@ -2506,7 +2502,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 #ifndef OPENSSL_NO_ECDH
        if (idx == SSL_PKEY_ECC)
                {
 #ifndef OPENSSL_NO_ECDH
        if (idx == SSL_PKEY_ECC)
                {

-               if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+               if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,

                    s->s3->tmp.new_cipher) == 0) 
                        { /* check failed */
                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
                    s->s3->tmp.new_cipher) == 0) 
                        { /* check failed */
                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);