X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=00bf887fdbdd32b9fa8ed81b7bd8fd6a26f9d87b;hb=a57bfe43e33f5e7e9dec034796c301fa0628a4b7;hp=aa4959916bb8a670141d167085699290a6d8d0fb;hpb=3aeb93486588e7dd01379c50b8fd496d55cf8858;p=openssl.git

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index aa4959916b..00bf887fdb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1,4 +1,3 @@
-/* ssl/ssl_rsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -378,7 +377,12 @@ static int ssl_set_cert(CERT *c, X509 *x)
         SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
         return 0;
     }
-
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
     if (c->pkeys[i].privatekey != NULL) {
         /*
          * The return code from EVP_PKEY_copy_parameters is deliberately