Oops, get selection logic right.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ef7a5d7e05b9876037824ea06ce8d8e151a137b1..4531f4655667586a7bb5837bb011ad943d2c6422 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -428,8 +428,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 11 */
        {
        1,
-       SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
-       SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+       SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,
+       SSL3_CK_DHE_DSS_DES_40_CBC_SHA,
        SSL_kDHE,
        SSL_aDSS,
        SSL_DES,
@@ -444,8 +444,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 12 */
        {
        1,
-       SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-       SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+       SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,
+       SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
        SSL_kDHE,
        SSL_aDSS,
        SSL_DES,
@@ -460,8 +460,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 13 */
        {
        1,
-       SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-       SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+       SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+       SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
        SSL_kDHE,
        SSL_aDSS,
        SSL_3DES,
@@ -476,8 +476,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 14 */
        {
        1,
-       SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
-       SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+       SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,
+       SSL3_CK_DHE_RSA_DES_40_CBC_SHA,
        SSL_kDHE,
        SSL_aRSA,
        SSL_DES,
@@ -492,8 +492,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 15 */
        {
        1,
-       SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
-       SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+       SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,
+       SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
        SSL_kDHE,
        SSL_aRSA,
        SSL_DES,
@@ -508,8 +508,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* Cipher 16 */
        {
        1,
-       SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-       SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+       SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+       SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
        SSL_kDHE,
        SSL_aRSA,
        SSL_3DES,
@@ -3029,8 +3029,8 @@ void ssl3_free(SSL *s)
        SSL_SRP_CTX_free(s);
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->tlsext_custom_types != NULL)
-               OPENSSL_free(s->s3->tlsext_custom_types);
+       if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
+               OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
 #endif
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
@@ -3076,12 +3076,12 @@ void ssl3_clear(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-       if (s->s3->tlsext_custom_types != NULL)
+       if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
                {
-               OPENSSL_free(s->s3->tlsext_custom_types);
-               s->s3->tlsext_custom_types = NULL;
+               OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
+               s->s3->serverinfo_client_tlsext_custom_types = NULL;
                }
-       s->s3->tlsext_custom_types_count = 0;   
+       s->s3->serverinfo_client_tlsext_custom_types_count = 0;
 #ifndef OPENSSL_NO_EC
        s->s3->is_probably_safari = 0;
 #endif /* !OPENSSL_NO_EC */
@@ -3431,6 +3431,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        case SSL_CTRL_SELECT_CURRENT_CERT:
                return ssl_cert_select_current(s->cert, (X509 *)parg);
 
+       case SSL_CTRL_SET_CURRENT_CERT:
+               return ssl_cert_set_current(s->cert, larg);
+
 #ifndef OPENSSL_NO_EC
        case SSL_CTRL_GET_CURVES:
                {
@@ -3905,7 +3908,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                break;
 
        case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-               *(STACK_OF(X509) **)parg =  ctx->extra_certs;
+               if (ctx->extra_certs == NULL && larg == 0)
+                       *(STACK_OF(X509) **)parg =  ctx->cert->key->chain;
+               else
+                       *(STACK_OF(X509) **)parg =  ctx->extra_certs;
                break;
 
        case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
@@ -3937,6 +3943,9 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
        case SSL_CTRL_SELECT_CURRENT_CERT:
                return ssl_cert_select_current(ctx->cert, (X509 *)parg);
 
+       case SSL_CTRL_SET_CURRENT_CERT:
+               return ssl_cert_set_current(ctx->cert, larg);
+
        default:
                return(0);
                }