if (need_cert)
{
+ int exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
+ if (exp_idx >= 0 && i != exp_idx)
+ {
+ x=NULL;
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_WRONG_CERTIFICATE_TYPE);
+ goto f_err;
+ }
sc->peer_cert_type=i;
CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
/* Why would the following ever happen?