recognise X9.42 DH certificates on servers

author Dr. Stephen Henson <steve@openssl.org>

Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c

index e26ccd0d086a5f390cde8b397540f7565100d5a7..109188c45b50e95c8faeaa11d36a6ad2cf4d771e 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
  
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
         {
-       if(pkey->type != EVP_PKEY_DH) {
+       if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
                 EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
                 return NULL;
         }
diff --git a/ssl/s3_both.c b/ssl/s3_both.c

index 2beb818e2b4ca10d95911417ff0b03b37650abde..fc339665dcdd94cd2222acae8a33135b178071bb 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -520,7 +520,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                 {
                 ret = SSL_PKEY_GOST01;
                 }
-       else if (x && i == EVP_PKEY_DH)
+       else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
                 {
                 /* For DH two cases: DH certificate signed with RSA and
                  * DH certificate signed with DSA.
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 18 Apr 2012 17:03:45 +0000 (17:03 +0000)
crypto/evp/p_lib.c		patch \| blob \| history
ssl/s3_both.c		patch \| blob \| history