SSL_SRP_CTX_free(s);
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
+ if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
+ OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
#endif
OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
+ if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
{
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
+ OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
+ s->s3->serverinfo_client_tlsext_custom_types = NULL;
}
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
+ s->s3->serverinfo_client_tlsext_custom_types_count = 0;
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
return(ret);
}
break;
+ case SSL_CTRL_SET_DH_AUTO:
+ s->cert->dh_tmp_auto = larg;
+ return 1;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
return ssl_cert_select_current(s->cert, (X509 *)parg);
case SSL_CTRL_SET_CURRENT_CERT:
+ if (larg == SSL_CERT_SET_SERVER)
+ {
+ CERT_PKEY *cpk;
+ const SSL_CIPHER *cipher;
+ if (!s->server)
+ return 0;
+ cipher = s->s3->tmp.new_cipher;
+ if (!cipher)
+ return 0;
+ /* No certificate for unauthenticated ciphersuites */
+ if (cipher->algorithm_auth & SSL_aNULL)
+ return 2;
+ cpk = ssl_get_server_send_pkey(s);
+ if (!cpk)
+ return 0;
+ s->cert->key = cpk;
+ return 1;
+ }
return ssl_cert_set_current(s->cert, larg);
#ifndef OPENSSL_NO_EC
return(0);
}
break;
+ case SSL_CTRL_SET_DH_AUTO:
+ ctx->cert->dh_tmp_auto = larg;
+ return 1;
#endif
#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
break;
case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
- *(STACK_OF(X509) **)parg = ctx->extra_certs;
- if (parg == NULL && larg == 0)
+ if (ctx->extra_certs == NULL && larg == 0)
*(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+ else
+ *(STACK_OF(X509) **)parg = ctx->extra_certs;
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: