give more meaningful error if presented with wrong certificate type by server
[openssl.git] / ssl / s3_both.c
index 153b2bfc78c0b5c9f92bd454a250ad02bf46bb50..349531460d39f54da0e9474d913ac70370df9d7f 100644 (file)
@@ -321,13 +321,13 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
        return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
        }
 
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
+unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
        {
        unsigned char *p;
        unsigned long l=7;
        BUF_MEM *buf = s->init_buf;
 
-       if (!ssl_add_cert_chain(s, x, &l))
+       if (!ssl_add_cert_chain(s, cpk, &l))
                return 0;
 
        l-=7;
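Review bot: The new `cpk` parameter of ssl3_output_cert_chain has no stated NULL contract, and it is forwarded unchecked at `if (!ssl_add_cert_chain(s, cpk, &l))`. With the old `X509 *x` signature a NULL certificate was a plausible way to request an empty certificate list; if any caller still relies on that, ssl_add_cert_chain has to tolerate a NULL `CERT_PKEY *` rather than dereference it, and neither the callers nor that function are visible here. I would add a comment above the function such as `/* cpk may be NULL: an empty certificate list is then written */` (or state the opposite if NULL is not allowed) and confirm every caller was converted to the new type. The function body continues past the end of the hunk.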
@@ -524,7 +524,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                {
                ret = SSL_PKEY_GOST01;
                }
-       else if (x && i == EVP_PKEY_DH)
+       else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
                {
                /* For DH two cases: DH certificate signed with RSA and
                 * DH certificate signed with DSA.
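Review bot: The comment directly under the widened condition still speaks only of a "DH certificate", so nothing records that X9.42 keys (`EVP_PKEY_DHX`) are now classified the same way as PKCS#3 DH keys. I would reword its first line to `/* For DH and DHX (X9.42) keys two cases: certificate signed with RSA and` so the mapping is explicit. It is also worth checking that other comparisons against `EVP_PKEY_DH` in the certificate-type and key-exchange checks accept `EVP_PKEY_DHX` as well; otherwise a certificate classified here could be rejected, or treated differently, later in the handshake. Both the comment and the rest of ssl_cert_type run outside the hunk.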