Commit 764b6a35 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix excert logic. 



If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>

(cherry picked from commit 786370b1)
parent 3881d810

apps/s_cb.c

+10 −4
Original line number Diff line number Diff line
@@ -1407,9 +1407,15 @@ int load_excert(SSL_EXCERT **pexc, BIO *err) 
		if (!exc->cert)

			return 0;

		if (exc->keyfile)

			exc->keyfile = exc->certfile;

		exc->key = load_key(err, exc->certfile, exc->certform, 0,

					NULL, NULL, "Server Certificate");

			{

			exc->key = load_key(err, exc->keyfile, exc->keyform,

					    0, NULL, NULL, "Server Key");

			}

		else

			{

			exc->key = load_key(err, exc->certfile, exc->certform,

					    0, NULL, NULL, "Server Key");

			}

		if (!exc->key)

			return 0;

		if (exc->chainfile)
@@ -1418,7 +1424,7 @@ int load_excert(SSL_EXCERT **pexc, BIO *err) 
						exc->chainfile, FORMAT_PEM,

						NULL, NULL,

						"Server Chain");

			if (!exc->chainfile)

			if (!exc->chain)

				return 0;

			}

		}