Allow match selecting of current certificate.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 13 Nov 2013 22:57:11 +0000 (22:57 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 13 Nov 2013 23:47:49 +0000 (23:47 +0000)
If pointer comparison for current certificate fails, check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)

ssl/ssl_cert.c

index a4550ed2d37e941df6f972244c5e962f4deb8d0b..e6234eba885e23b2b6ef85eb6134d83b80078ffa 100644 (file)
@@ -624,6 +624,8 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 int ssl_cert_select_current(CERT *c, X509 *x)
        {
        int i;
+       if (x == NULL)
+               return 0;
        for (i = 0; i < SSL_PKEY_NUM; i++)
                {
                if (c->pkeys[i].x509 == x)
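Review bot: The new `x == NULL` guard at the top of ssl_cert_select_current carries no comment, and its reason is not obvious from this hunk alone. It keeps a NULL from reaching X509_cmp in the fallback loop added in the second hunk. It also stops the pointer test `c->pkeys[i].x509 == x` from matching an empty slot, which before this change would presumably have returned 1 with an unpopulated entry selected (the lines that set c->key in the first loop fall between the two hunks, so this is inferred). I'd add `/* NULL must never select a slot: it would match an empty entry and is not valid input to X509_cmp */` above the check.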
@@ -632,6 +634,15 @@ int ssl_cert_select_current(CERT *c, X509 *x)
                        return 1;
                        }
                }
+
+       for (i = 0; i < SSL_PKEY_NUM; i++)
+               {
+               if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+                       {
+                       c->key = &c->pkeys[i];
+                       return 1;
+                       }
+               }
        return 0;
        }
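Review bot: The fallback loop switches the function from identity matching to value matching without saying so. It selects the first slot whose certificate compares equal under X509_cmp, so if an equal certificate can occupy more than one slot, the result depends on slot order rather than on what the caller meant. Nothing visible here checks that the chosen slot also holds a private key, though the pointer loop appears to behave the same way. I'd document the two-stage contract above the loop, e.g. `/* No pointer match: fall back to the first slot holding an equal certificate (X509_cmp) */`, and state in the function's header comment that a return of 1 may mean an equal rather than the identical X509. The comparison would also read more clearly as `X509_cmp(c->pkeys[i].x509, x) == 0` than with the leading `!`.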