Enable PSK in FIPS mode.

[oweals/openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 14d143da0441eee78b3f9b50896a65022edb4cf4..6dbc3c1f7d0a7ea02614a123eb82130ba98f653c 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
        ret->extra_certs=NULL;
-       ret->comp_methods=SSL_COMP_get_compression_methods();
+       /* No compression for DTLS */
+       if (meth->version != DTLS1_VERSION)
+               ret->comp_methods=SSL_COMP_get_compression_methods();
 
        ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
 /* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
        {
-       if (s->server)
-               return(ssl_get_server_send_cert(s));
-       else if (s->cert != NULL)
+       if (s->cert != NULL)
                return(s->cert->key->x509);
        else
                return(NULL);