don't use pseudo digests for default values of keys

[oweals/openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 5822379d10ab817af9458de36221d0e6941dda0e..7ab9091836bd046afcaf8cf40619c11dede1ec9e 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -920,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
                p=s->s3->server_random;
                Time=(unsigned long)time(NULL);                 /* Time */
                l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
@@ -1569,12 +1569,12 @@ err:
 int dtls1_send_server_certificate(SSL *s)
        {
        unsigned long l;
-       X509 *x;
+       CERT_PKEY *cpk;
 
        if (s->state == SSL3_ST_SW_CERT_A)
                {
-               x=ssl_get_server_send_cert(s);
-               if (x == NULL)
+               cpk=ssl_get_server_send_pkey(s);
+               if (cpk == NULL)
                        {
                        /* VRS: allow null cert if auth == KRB5 */
                        if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
@@ -1585,7 +1585,7 @@ int dtls1_send_server_certificate(SSL *s)
                                }
                        }
 
-               l=dtls1_output_cert_chain(s,x);
+               l=dtls1_output_cert_chain(s,cpk);
                s->state=SSL3_ST_SW_CERT_B;
                s->init_num=(int)l;
                s->init_off=0;