return 0;
for (i = idx; i < SSL_PKEY_NUM; i++)
{
- CERT_PKEY *cpk = c->key + i;
+ CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 && cpk->privatekey)
{
c->key = cpk;
/* No MD5 mac ciphersuites */
if (c->algorithm_mac & SSL_MD5)
return 0;
+ /* SHA1 HMAC is 160 bits of security */
+ if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+ return 0;
/* Level 2: no RC4 */
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;