Set TLS padding extension value.

[openssl.git] / ssl / ssl_rsa.c

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 799210f5e29227b1134f34a5a1817fa9772b6bc3..7c02878abb30595d6ee86cb2c42c2b403c5e6d05 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -68,11 +68,19 @@ static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 int SSL_use_certificate(SSL *ssl, X509 *x)
        {
+       int rv;
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
+       rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+       if (rv != 1)
+               {
+               SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+               return 0;
+               }
+
        if (!ssl_cert_inst(&ssl->cert))
                {
                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -393,11 +401,18 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len
 
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
        {
+       int rv;
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
+       rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+       if (rv != 1)
+               {
+               SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+               return 0;
+               }
        if (!ssl_cert_inst(&ctx->cert))
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
@@ -844,17 +859,19 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
        }
 
 static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
-                               const unsigned char *in,
-                               unsigned short inlen, int *al,
-                               void *arg)
+                                  const unsigned char *in,
+                                  unsigned short inlen, int *al,
+                                  void *arg)
        {
        size_t i = 0;
+
        if (inlen != 0)
                {
                *al = SSL_AD_DECODE_ERROR;
                return 0;
                }
-       //if already in list, error out
+
+       /* if already in list, error out */
        for (i = 0; i < s->s3->serverinfo_client_tlsext_custom_types_count; i++)
                {
                if (s->s3->serverinfo_client_tlsext_custom_types[i] == ext_type)
@@ -880,8 +897,8 @@ static int serverinfo_srv_first_cb(SSL *s, unsigned short ext_type,
        }
 
 static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
-                               const unsigned char **out, unsigned short *outlen,
-                               int *al, void *arg)
+                                   const unsigned char **out, unsigned short *outlen,
+                                   int *al, void *arg)
        {
        const unsigned char *serverinfo = NULL;
        size_t serverinfo_length = 0;
@@ -898,17 +915,17 @@ static int serverinfo_srv_second_cb(SSL *s, unsigned short ext_type,
                }
        if (!match)
                {
-               //extension not sent by client...don't send extension
+               /* extension not sent by client...don't send extension */
                return -1;
                }
 
        /* Is there serverinfo data for the chosen server cert? */
        if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
-               &serverinfo_length)) != 0)
+                                           &serverinfo_length)) != 0)
                {
                /* Find the relevant extension from the serverinfo */
                int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
-                                                       ext_type, out, outlen);
+                                                      ext_type, out, outlen);
                if (retval == 0)
                        return 0; /* Error */
                if (retval == -1)