Fix excert logic.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 17 Nov 2014 16:30:51 +0000 (16:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 19 Nov 2014 22:52:56 +0000 (22:52 +0000)
If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 786370b1b09b919d9306f27336e13783e4fe3fd0)

apps/s_cb.c

index cf34e00..e597eb3 100644 (file)
@@ -1407,9 +1407,15 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                if (!exc->cert)
                        return 0;
                if (exc->keyfile)
-                       exc->keyfile = exc->certfile;
-               exc->key = load_key(err, exc->certfile, exc->certform, 0,
-                                       NULL, NULL, "Server Certificate");
+                       {
+                       exc->key = load_key(err, exc->keyfile, exc->keyform,
+                                           0, NULL, NULL, "Server Key");
+                       }
+               else
+                       {
+                       exc->key = load_key(err, exc->certfile, exc->certform,
+                                           0, NULL, NULL, "Server Key");
+                       }
                if (!exc->key)
                        return 0;
                if (exc->chainfile)
@@ -1418,7 +1424,7 @@ int load_excert(SSL_EXCERT **pexc, BIO *err)
                                                exc->chainfile, FORMAT_PEM,
                                                NULL, NULL,
                                                "Server Chain");
-                       if (!exc->chainfile)
+                       if (!exc->chain)
                                return 0;
                        }
                }