PR: 2118
[openssl.git] / ssl / ssl_lib.c
index df808e817b5e5c42b9e7b88708699fb781c0d3f0..b3b356d5ab0ac5d3c867da77b1097438015683bc 100644 (file)
@@ -486,6 +486,16 @@ int SSL_set_trust(SSL *s, int trust)
        return X509_VERIFY_PARAM_set_trust(s->param, trust);
        }
 
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+       {
+       return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+       }
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+       {
+       return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+       }
+
 void SSL_free(SSL *s)
        {
        int i;
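Review bot: The new setters SSL_CTX_set1_param and SSL_set1_param are undocumented, although they overwrite the certificate verification parameters in ctx->param and ssl->param with those from vpm. I would add above each something like `/* Copy vpm into the verification parameters; returns the result of X509_VERIFY_PARAM_set1(), which the caller must check. */`. A caller that ignores a failure return carries on with whatever verification settings are then in place, which may not be the ones it asked for. Whether a failed copy can leave param partly updated is not visible here and is worth confirming in X509_VERIFY_PARAM_set1. Both functions dereference ctx/ssl unchecked, as SSL_set_trust above does, so the comment should state that the handle must be non-NULL; the trailing context is the start of SSL_free, whose body continues outside the hunk.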
@@ -546,7 +556,6 @@ void SSL_free(SSL *s)
        if (s->cert != NULL) ssl_cert_free(s->cert);
        /* Free up if allocated */
 
-       if (s->ctx) SSL_CTX_free(s->ctx);
 #ifndef OPENSSL_NO_TLSEXT
        if (s->tlsext_hostname)
                OPENSSL_free(s->tlsext_hostname);
@@ -570,6 +579,8 @@ void SSL_free(SSL *s)
 
        if (s->method != NULL) s->method->ssl_free(s);
 
+       if (s->ctx) SSL_CTX_free(s->ctx);
+
 #ifndef        OPENSSL_NO_KRB5
        if (s->kssl_ctx != NULL)
                kssl_ctx_free(s->kssl_ctx);
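Review bot: The relocated `if (s->ctx) SSL_CTX_free(s->ctx);` now depends on running after `s->method->ssl_free(s)`, but nothing in the code records that ordering requirement. Presumably the method's free routine still reads through s->ctx, so releasing the context first would leave it with a dangling pointer. A comment such as `/* s->ctx must outlive method->ssl_free(), which may still use it */` would keep a later tidy-up from moving the call back up. SSL_free continues past this hunk, so the statements after this point that are not visible here should also be checked for any remaining use of s->ctx.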
@@ -1343,9 +1354,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                    s->psk_client_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
-               /* DTLS doesn't currently support ECDHE */
-               if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
-                       continue;
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }