#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA)
{
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
if ((rsa=RSA_new()) == NULL)
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);