From 629b640bbc5391c6ac727aaa8465c5c5f99a5708 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 13 Nov 2013 22:57:11 +0000
Subject: [PATCH] Allow match selecting of current certificate.

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
---
 ssl/ssl_cert.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9d77ef79a2..005d82d630 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -602,6 +602,8 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
 int ssl_cert_select_current(CERT *c, X509 *x)
 	{
 	int i;
+	if (x == NULL)
+		return 0;
 	for (i = 0; i < SSL_PKEY_NUM; i++)
 		{
 		if (c->pkeys[i].x509 == x)
@@ -610,6 +612,15 @@ int ssl_cert_select_current(CERT *c, X509 *x)
 			return 1;
 			}
 		}
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))
+			{
+			c->key = &c->pkeys[i];
+			return 1;
+			}
+		}
 	return 0;
 	}
 
-- 
2.25.1