www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

ssl_callback_TmpDH: for OpenSSL 1.0.2 and later, set the current cert to the

Browse Source 
one actually used for the connection before calling SSL_get_privatekey(ssl)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1588851 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kaspar Brand
2014-04-21 06:39:24 +00:00
parent 3a7ef57c8d
commit eced8a0d15
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/ssl/ssl_engine_kernel.c
View File

@@ -1344,8 +1344,19 @@ make_get_dh(rfc3526, 4096, 2)
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
{ {
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
EVP_PKEY *pkey = SSL_get_privatekey(ssl); EVP_PKEY *pkey;
int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE; int type;
#ifdef SSL_CERT_SET_SERVER
/*
* When multiple certs/keys are configured for the SSL_CTX: make sure
* that we get the private key which is indeed used for the current
* SSL connection (available in OpenSSL 1.0.2 or later only)
*/
SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);
#endif
pkey = SSL_get_privatekey(ssl);
type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
/* /*
* OpenSSL will call us with either keylen == 512 or keylen == 1024 * OpenSSL will call us with either keylen == 512 or keylen == 1024