Only set current certificate to valid values.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 23 Feb 2014 13:46:52 +0000 (13:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 23 Feb 2014 13:46:52 +0000 (13:46 +0000)
When setting the current certificate check that it has a corresponding
private key.

ssl/ssl_cert.c

index ec208b5..2c66460 100644 (file)
@@ -606,18 +606,20 @@ int ssl_cert_select_current(CERT *c, X509 *x)
                return 0;
        for (i = 0; i < SSL_PKEY_NUM; i++)
                {
                return 0;
        for (i = 0; i < SSL_PKEY_NUM; i++)
                {
-               if (c->pkeys[i].x509 == x)
+               CERT_PKEY *cpk = c->pkeys + i;
+               if (cpk->x509 == x && cpk->privatekey)
                        {
                        {
-                       c->key = &c->pkeys[i];
+                       c->key = cpk;
                        return 1;
                        }
                }
 
        for (i = 0; i < SSL_PKEY_NUM; i++)
                {
                        return 1;
                        }
                }
 
        for (i = 0; i < SSL_PKEY_NUM; i++)
                {
-               if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+               CERT_PKEY *cpk = c->pkeys + i;
+               if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x))
                        {
                        {
-                       c->key = &c->pkeys[i];
+                       c->key = cpk;
                        return 1;
                        }
                }
                        return 1;
                        }
                }
@@ -641,9 +643,10 @@ int ssl_cert_set_current(CERT *c, long op)
                return 0;
        for (i = idx; i < SSL_PKEY_NUM; i++)
                {
                return 0;
        for (i = idx; i < SSL_PKEY_NUM; i++)
                {
-               if (c->pkeys[i].x509)
+               CERT_PKEY *cpk = c->key + i;
+               if (cpk->x509 && cpk->privatekey)
                        {
                        {
-                       c->key = &c->pkeys[i];
+                       c->key = cpk;
                        return 1;
                        }
                }
                        return 1;
                        }
                }