recognise X9.42 DH certificates on servers

author Dr. Stephen Henson <steve@openssl.org>

Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c

index e26ccd0d086a5f390cde8b397540f7565100d5a7..109188c45b50e95c8faeaa11d36a6ad2cf4d771e 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
  
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
         {
-       if(pkey->type != EVP_PKEY_DH) {
+       if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
                 EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
                 return NULL;
         }
diff --git a/ssl/s3_both.c b/ssl/s3_both.c

index 11a9998c59fd8f4f9c45e028fa77b1b577c8cf4b..349531460d39f54da0e9474d913ac70370df9d7f 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -524,7 +524,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                 {
                 ret = SSL_PKEY_GOST01;
                 }
-       else if (x && i == EVP_PKEY_DH)
+       else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
                 {
                 /* For DH two cases: DH certificate signed with RSA and
                  * DH certificate signed with DSA.
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
crypto/evp/p_lib.c		patch \| blob \| history
ssl/s3_both.c		patch \| blob \| history