projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
[openssl.git] / ssl / ssl_rsa.c
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c0960b5712b8e596ec4ed057e915da804ec68bde..b7c19051e97cc3781acb20b0a2a68cd1a8b86db5 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -182,8 +182,23 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
        {
        int i;
-
-       i=ssl_cert_type(NULL,pkey);
+       /* Special case for DH: check two DH certificate types for a match.
+        * This means for DH certificates we must set the certificate first.
+        */
+       if (pkey->type == EVP_PKEY_DH)
+               {
+               X509 *x;
+               i = -1;
+               x = c->pkeys[SSL_PKEY_DH_RSA].x509;
+               if (x && X509_check_private_key(x, pkey))
+                               i = SSL_PKEY_DH_RSA;
+               x = c->pkeys[SSL_PKEY_DH_DSA].x509;
+               if (i == -1 && x && X509_check_private_key(x, pkey))
+                               i = SSL_PKEY_DH_DSA;
+               ERR_clear_error();
+               }
+       else 
+               i=ssl_cert_type(NULL,pkey);
        if (i < 0)
                {
                SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
Unnamed repository; edit this file 'description' to name the repository.