Check validity, not just signing for all certificates

author Dr. Stephen Henson <steve@openssl.org>

Sun, 19 Feb 2017 21:16:46 +0000 (21:16 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 21 Feb 2017 17:41:44 +0000 (17:41 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 19 Feb 2017 21:16:46 +0000 (21:16 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 21 Feb 2017 17:41:44 +0000 (17:41 +0000)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 48c37b821768ffabf92128f75b91b3c5fd03f3dd..dea2dac05b976680c486b42a163420b40a0c73bf 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2768,8 +2768,8 @@ void ssl_set_masks(SSL *s)
  #endif
  
      rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
-    rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_SIGN;
-    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
+    rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
  #ifndef OPENSSL_NO_EC
      have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
  #endif
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 19 Feb 2017 21:16:46 +0000 (21:16 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 21 Feb 2017 17:41:44 +0000 (17:41 +0000)