static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
-
- i=ssl_cert_type(NULL,pkey);
+ /* Special case for DH: check two DH certificate types for a match.
+ * This means for DH certificates we must set the certificate first.
+ */
+ if (pkey->type == EVP_PKEY_DH)
+ {
+ X509 *x;
+ i = -1;
+ x = c->pkeys[SSL_PKEY_DH_RSA].x509;
+ if (x && X509_check_private_key(x, pkey))
+ i = SSL_PKEY_DH_RSA;
+ x = c->pkeys[SSL_PKEY_DH_DSA].x509;
+ if (i == -1 && x && X509_check_private_key(x, pkey))
+ i = SSL_PKEY_DH_DSA;
+ ERR_clear_error();
+ }
+ else
+ i=ssl_cert_type(NULL,pkey);
if (i < 0)
{
SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
int ret=0;
X509 *x=NULL;
+ ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
in=BIO_new(BIO_s_file_internal());
if (in == NULL)
{
goto end;
}
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+ x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);