recognise X9.42 DH certificates on servers
authorDr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:29 +0000 (17:03 +0000)
crypto/evp/p_lib.c
ssl/s3_both.c

index e26ccd0..109188c 100644 (file)
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
        {
-       if(pkey->type != EVP_PKEY_DH) {
+       if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
                EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
                return NULL;
        }
index 11a9998..3495314 100644 (file)
@@ -524,7 +524,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                {
                ret = SSL_PKEY_GOST01;
                }
-       else if (x && i == EVP_PKEY_DH)
+       else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
                {
                /* For DH two cases: DH certificate signed with RSA and
                 * DH certificate signed with DSA.