projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Explicitly cache the X509v3_extensions in one more place in libssl
[openssl.git]
/
ssl
/
ssl_rsa.c
diff --git
a/ssl/ssl_rsa.c
b/ssl/ssl_rsa.c
index ac9d01a76666c9e80b1992477b5b12a419a46df8..09b965fc190b489e15bd0349a569aa23b3203ed1 100644
(file)
--- a/
ssl/ssl_rsa.c
+++ b/
ssl/ssl_rsa.c
@@
-1055,9
+1055,15
@@
static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
int j;
int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
int j;
int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+ SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx;
STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL;
STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL;
+ if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) {
+ SSLerr(0, ERR_R_X509_LIB);
+ goto out;
+ }
+
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
if (rv != 1) {
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
if (rv != 1) {