author | Dr. Stephen Henson <steve@openssl.org> | 2012-01-16 18:19:14 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-01-16 18:19:14 +0000 |
commit | 8e1dc4d7ca9278fdfe68b81467b588dfdd7f8f1b (patch) | |
tree | 0ca3d697afbe656134090e3bc9179ad9ba8f06e0 /ssl/ssl_rsa.c | |
parent | a985410d2df042e302ba210a5963d308aec46d35 (diff) | |
Support for fixed DH ciphersuites.
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index c0960b5..b7c1905 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -182,8 +182,23 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 {
 int i;
-
- i=ssl_cert_type(NULL,pkey);
+ /* Special case for DH: check two DH certificate types for a match.
+ * This means for DH certificates we must set the certificate first.
+ */
+ if (pkey->type == EVP_PKEY_DH)
+ {
+ X509 *x;
+ i = -1;
+ x = c->pkeys[SSL_PKEY_DH_RSA].x509;
+ if (x && X509_check_private_key(x, pkey))
+ i = SSL_PKEY_DH_RSA;
+ x = c->pkeys[SSL_PKEY_DH_DSA].x509;
+ if (i == -1 && x && X509_check_private_key(x, pkey))
+ i = SSL_PKEY_DH_DSA;
+ ERR_clear_error();
+ }
+ else
+ i=ssl_cert_type(NULL,pkey);
 if (i < 0)
 {
 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
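Review bot: `ERR_clear_error();` at the end of the DH branch empties the whole thread error queue, not only the entries left by the two `X509_check_private_key()` probes, so any earlier error the caller has not yet read is lost. When neither slot matches, the only thing reported is `SSL_R_UNKNOWN_CERTIFICATE_TYPE`, which hides that the real cause is a missing or mismatched DH certificate. Calling `ERR_set_mark();` before the first lookup and `ERR_pop_to_mark();` in place of the clear would discard only the probe errors. The new ordering requirement (certificate before key, for DH only) is stated only in the code comment and presumably deserves a line in the public documentation of the key-loading calls. The body of ssl_set_pkey continues past the end of the hunk, so how `i` is used afterwards is not visible here.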