Fix excert logic.

If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 786370b1b09b919d9306f27336e13783e4fe3fd0)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index cf34e00a4c22bda3f4f8fd8e5677240c34c53232..e597eb360f9ae65c0e8eec5623188cc70a6ed7f2 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1407,9 +1407,15 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                if (!exc->cert)
                        return 0;
                if (exc->keyfile)
-                       exc->keyfile = exc->certfile;
-               exc->key = load_key(err, exc->certfile, exc->certform, 0,
-                                       NULL, NULL, "Server Certificate");
+                       {
+                       exc->key = load_key(err, exc->keyfile, exc->keyform,
+                                           0, NULL, NULL, "Server Key");
+                       }
+               else
+                       {
+                       exc->key = load_key(err, exc->certfile, exc->certform,
+                                           0, NULL, NULL, "Server Key");
+                       }
                if (!exc->key)
                        return 0;
                if (exc->chainfile)
@@ -1418,7 +1424,7 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                                                exc->chainfile, FORMAT_PEM,
                                                NULL, NULL,
                                                "Server Chain");
-                       if (!exc->chainfile)
+                       if (!exc->chain)
                                return 0;
                        }
                }