X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_rsa.c;h=7c02878abb30595d6ee86cb2c42c2b403c5e6d05;hb=cd6bd5ffda616822b52104fee0c4c7d623fd4f53;hp=063eea5ecb9ed9e4344914f88794d929fad1aa45;hpb=ac20719d994729970eb3b775c7bffa81f0e9f960;p=openssl.git

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 063eea5ecb..7c02878abb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -68,11 +68,19 @@ static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 int SSL_use_certificate(SSL *ssl, X509 *x)
 	{
+	int rv;
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
+	rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+	if (rv != 1)
+		{
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+		return 0;
+		}
+
 	if (!ssl_cert_inst(&ssl->cert))
 		{
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -393,11 +401,18 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len
 
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 	{
+	int rv;
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
+	rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+	if (rv != 1)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+		return 0;
+		}
 	if (!ssl_cert_inst(&ctx->cert))
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -848,59 +863,61 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
 				   unsigned short inlen, int *al,
 				   void *arg)
 	{
-        size_t i = 0;
+	size_t i = 0;
+
 	if (inlen != 0)
 		{
 		*al = SSL_AD_DECODE_ERROR;
 		return 0;
 		}
-        //if already in list, error out
-        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
-                {
-                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
-                        {
-                        *al = SSL_AD_DECODE_ERROR;
-                        return 0;
-                        }
-                }
-        s->s3->serverinfo_client_tlsext_custom_types_count++;
-        s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
-        s->s3->serverinfo_client_tlsext_custom_types,
-        s->s3->serverinfo_client_tlsext_custom_types_count * 2);
-        if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
-                {
-                s->s3->serverinfo_client_tlsext_custom_types_count = 0;
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-                }
-        s->s3->serverinfo_client_tlsext_custom_types[
-        s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
+
+	/* if already in list, error out */
+	for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+		{
+		if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+			{
+			*al = SSL_AD_DECODE_ERROR;
+			return 0;
+			}
+		}
+	s->s3->serverinfo_client_tlsext_custom_types_count++;
+	s->s3->serverinfo_client_tlsext_custom_types = OPENSSL_realloc(
+	s->s3->serverinfo_client_tlsext_custom_types,
+	s->s3->serverinfo_client_tlsext_custom_types_count * 2);
+	if (s->s3->serverinfo_client_tlsext_custom_types == NULL)
+		{
+		s->s3->serverinfo_client_tlsext_custom_types_count = 0;
+		*al = TLS1_AD_INTERNAL_ERROR;
+		return 0;
+		}
+	s->s3->serverinfo_client_tlsext_custom_types[
+	s->s3->serverinfo_client_tlsext_custom_types_count - 1] = ext_type;
 
 	return 1;
 	}
 
 static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
-			            const unsigned char **out, unsigned short *outlen, 
-                                    int *al, void *arg)
+				    const unsigned char **out, unsigned short *outlen,
+				    int *al, void *arg)
 	{
 	const unsigned char *serverinfo = NULL;
 	size_t serverinfo_length = 0;
-        size_t i = 0;
-        unsigned int match = 0;
-        /* Did the client send a TLS extension for this type? */
-        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
-                {
-                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
-                        {
-                        match = 1;
-                        break;
-                        }
-                }
-        if (!match)
-        {
-                //extension not sent by client...don't send extension
-                return -1;
-        }
+	size_t i = 0;
+	unsigned int match = 0;
+	/* Did the client send a TLS extension for this type? */
+	for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
+		{
+		if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
+			{
+			match = 1;
+			break;
+			}
+		}
+	if (!match)
+		{
+		/* extension not sent by client...don't send extension */
+		return -1;
+		}
 
 	/* Is there serverinfo data for the chosen server cert? */
 	if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
@@ -908,7 +925,7 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
 		{
 		/* Find the relevant extension from the serverinfo */
 		int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
-					      	       ext_type, out, outlen);
+						       ext_type, out, outlen);
 		if (retval == 0)
 			return 0; /* Error */
 		if (retval == -1)