fix no-dh configure option; patch supplied by Peter Meerwald

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0c9bd073784c44f10403c9164162e3f29ae73c14..452a0822d9a3e2a4f87ce4f2aae27f6e31a96e02 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -121,7 +121,9 @@
 #include <openssl/bio.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#endif
 #include <openssl/bn.h>
 #include "ssl_locl.h"
 
@@ -198,7 +200,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_DH
        if (cert->dh_tmp != NULL)
                {
-               /* DH parameters don't have a reference count */
                ret->dh_tmp = DHparams_dup(cert->dh_tmp);
                if (ret->dh_tmp == NULL)
                        {
@@ -232,8 +233,12 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_ECDH
        if (cert->ecdh_tmp)
                {
-               EC_KEY_up_ref(cert->ecdh_tmp);
-               ret->ecdh_tmp = cert->ecdh_tmp;
+               ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+               if (ret->ecdh_tmp == NULL)
+                       {
+                       SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+                       goto err;
+                       }
                }
        ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
 #endif
@@ -291,7 +296,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
        return(ret);
        
-#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
 #ifndef OPENSSL_NO_RSA