Add official extension value.
[openssl.git] / ssl / ssl_cert.c
index d56b2c5dd581321376ae8e2d6c62888050db9ca5..4e75a962839eb5f87d16db7a84bf1e1d8d4703e0 100644 (file)
@@ -670,7 +670,7 @@ int ssl_cert_set_current(CERT *c, long op)
                return 0;
        for (i = idx; i < SSL_PKEY_NUM; i++)
                {
-               CERT_PKEY *cpk = c->key + i;
+               CERT_PKEY *cpk = c->pkeys + i;
                if (cpk->x509 && cpk->privatekey)
                        {
                        c->key = cpk;
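Review bot: Nothing on the corrected declaration says why the loop must index from `c->pkeys` rather than `c->key`, and the commit title does not mention this fix either. The loop itself assigns `c->key = cpk`, so `c->key` appears to be a cursor to the currently selected entry rather than the array base; offsetting it by `i` (up to `SSL_PKEY_NUM - 1`) could presumably read past the end of the key array whenever the cursor is not at the first slot. A short comment such as `/* index from the array base; c->key is the current-entry cursor */` would guard against the mistake returning, and writing `&c->pkeys[i]` makes the array indexing more obvious. ssl_cert_set_current starts and ends outside this hunk, so how `idx` is bounded cannot be checked from here.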
@@ -1411,6 +1411,9 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
                /* No MD5 mac ciphersuites */
                if (c->algorithm_mac & SSL_MD5)
                        return 0;
+               /* SHA1 HMAC is 160 bits of security */
+               if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+                       return 0;
                /* Level 2: no RC4 */
                if (level >= 2 && c->algorithm_enc == SSL_RC4)
                        return 0;
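Review bot: The added condition mixes `&&` with an unparenthesized bitwise `&`. It parses as intended because `&` binds tighter than `&&`, but it is easy to misread in a security policy check and draws warnings from some compilers, so I would write `if (minbits > 160 && (c->algorithm_mac & SSL_SHA1))`. The comment could also say which security level the `minbits > 160` threshold corresponds to, matching the "Level 2: no RC4" comment below it. `minbits` and `level` are set outside this hunk, so that mapping cannot be confirmed from here.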