appropriate checks in tls1_check_chain.
(backport from HEAD)
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
- /* if we are considering an ECC cipher suite that uses our
- * certificate check it */
- if (alg_a & (SSL_aECDSA|SSL_aECDH))
- ok = ok && tls1_check_ec_server_key(s);
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
if (alg_k & SSL_kEECDH)
int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
-int tls1_check_ec_server_key(SSL *s);
int tls1_check_ec_tmp_key(SSL *s);
#endif /* OPENSSL_NO_EC */
return 0;
return tls1_check_ec_key(s, curve_id, &comp_id);
}
-/* Check EC server key is compatible with client extensions */
-int tls1_check_ec_server_key(SSL *s)
- {
- CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
- if (!cpk->x509 || !cpk->privatekey)
- return 0;
- return tls1_check_cert_param(s, cpk->x509);
- }
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s)
{
projects / oweals / openssl.git / commitdiff