X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=d47f26865bf58f5f66e3f94c2c16aad7a200c535;hp=7eb1a0cafc088782d709fc41a11b6d167575c28b;hb=e91fb53b38a75953a693fadbc09177245bc7a05d;hpb=2911575c6e790541e495927a60121d7546a66962

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7eb1a0cafc..d47f26865b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -536,6 +536,16 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
 	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
 	}
 
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+	{
+	return ctx->param;
+	}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+	{
+	return ssl->param;
+	}
+
 void SSL_certs_clear(SSL *s)
 	{
 	ssl_cert_clear_certs(s->cert);
@@ -2401,20 +2411,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		emask_k|=SSL_kRSA;
 
 #if 0
-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+	/* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 #endif
 
 	if (dh_tmp_export)
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 
 	if (dh_tmp)
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 
 	if (dh_rsa) mask_k|=SSL_kDHr;
 	if (dh_rsa_export) emask_k|=SSL_kDHr;
@@ -2512,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
 	if (have_ecdh_tmp)
 		{
-		mask_k|=SSL_kEECDH;
-		emask_k|=SSL_kEECDH;
+		mask_k|=SSL_kECDHE;
+		emask_k|=SSL_kECDHE;
 		}
 #endif
 
@@ -2740,6 +2750,11 @@ void ssl_update_cache(SSL *s,int mode)
 		}
 	}
 
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+	{
+	return ctx->method;
+	}
+
 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
 	{
 	return(s->method);
@@ -3103,7 +3118,6 @@ void ssl_clear_cipher_ctx(SSL *s)
 #endif
 	}
 
-/* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
 	{
 	if (s->cert != NULL)
@@ -3112,8 +3126,7 @@ X509 *SSL_get_certificate(const SSL *s)
 		return(NULL);
 	}
 
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->privatekey);
@@ -3121,6 +3134,22 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
 		return(NULL);
 	}
 
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->x509;
+	else
+		return NULL;
+	}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->privatekey;
+	else
+		return NULL ;
+	}
+
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
 	{
 	if ((s->session != NULL) && (s->session->cipher != NULL))