Add new "valid_flags" field to CERT_PKEY structure which determines what
[openssl.git] / ssl / ssl_cert.c
index 4205f6e6cccee320c6d662e0a60d341547199b8d..89a51311196a9fe5b68a7668c7844b986cf49460 100644 (file)
@@ -164,14 +164,14 @@ void ssl_cert_set_default_md(CERT *cert)
        {
        /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+       cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        }
 
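Review bot: The comment `/* Set digest values to defaults */` in ssl_cert_set_default_md does not say why SHA-1 is the default, and after this change every key type silently gets `EVP_sha1()`. This looks like the TLS 1.2 fallback for a peer that sends no signature algorithms rather than a preference, but the hunk does not show that, so it should be stated. I would reword the comment to something like `/* SHA-1 is only the protocol fallback; it must be replaced once the peer's signature algorithms have been processed */`. A reader then knows a SHA-1 digest left in place after negotiation is a condition to check, not an intended choice.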
@@ -334,6 +334,7 @@ CERT *ssl_cert_dup(CERT *cert)
                                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
                                }
                        }
+               rpk->valid_flags = 0;
                 if (cert->pkeys[i].authz != NULL)
                        {
                        /* Just copy everything. */
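Review bot: `rpk->valid_flags = 0;` in ssl_cert_dup discards the source's validity state, while a later hunk copies `cert_flags` verbatim with `ret->cert_flags = cert->cert_flags;`, and no comment explains the difference. Presumably valid_flags is derived per connection and must be recomputed for the copy; if so, a comment such as `/* valid_flags is derived state: never inherit it, force re-validation of the copy */` above the assignment would make that contract explicit. The same reset appears in ssl_cert_clear_certs in the last hunk and would benefit from the same wording. Zero fails closed, which is the safe direction, but only if every consumer treats 0 as "not usable"; the consumers are not visible here. ssl_cert_dup begins and ends outside this hunk.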
@@ -376,6 +377,8 @@ CERT *ssl_cert_dup(CERT *cert)
        /* Shared sigalgs also NULL */
        ret->shared_sigalgs = NULL;
 
+       ret->cert_flags = cert->cert_flags;
+
        return(ret);
        
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
@@ -428,6 +431,7 @@ void ssl_cert_clear_certs(CERT *c)
                 if (cpk->authz != NULL)
                        OPENSSL_free(cpk->authz);
 #endif
+               cpk->valid_flags = 0;
                }
        }
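Review bot: `cpk->authz` is freed just above the new `cpk->valid_flags = 0;` but is not reset in the visible lines, so the entry appears to keep a dangling pointer after ssl_cert_clear_certs returns. Resetting valid_flags suggests the CERT_PKEY is expected to stay in use after the call, in which case a second clear, or the ssl_cert_dup path that reads `cert->pkeys[i].authz`, would touch freed memory. I would brace the `if` and change its body to `OPENSSL_free(cpk->authz); cpk->authz = NULL;`, inside the same preprocessor block. The start of the loop body and the opening `#ifndef` are outside the hunk, so confirm against the full function that nothing else clears the pointer.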