From 38e8f3cd815f86b80d54892bb40ba67ab9fb83bd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 19 Feb 2017 21:16:46 +0000 Subject: [PATCH] Check validity, not just signing for all certificates Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2679) --- ssl/ssl_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 48c37b8217..dea2dac05b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2768,8 +2768,8 @@ void ssl_set_masks(SSL *s) #endif rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; - rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_SIGN; - dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; + rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; + dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif -- 2.25.1