Commit ff0bdbed authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Allow match selecting of current certificate. 

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
parent dc4bdf59

ssl/ssl_cert.c

+11 −0
Original line number Diff line number Diff line
@@ -624,6 +624,8 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x) 
int ssl_cert_select_current(CERT *c, X509 *x)

	{

	int i;

	if (x == NULL)

		return 0;

	for (i = 0; i < SSL_PKEY_NUM; i++)

		{

		if (c->pkeys[i].x509 == x)
@@ -632,6 +634,15 @@ int ssl_cert_select_current(CERT *c, X509 *x) 
			return 1;

			}

		}



	for (i = 0; i < SSL_PKEY_NUM; i++)

		{

		if (c->pkeys[i].x509 && !X509_cmp(c->pkeys[i].x509, x))

			{

			c->key = &c->pkeys[i];

			return 1;

			}

		}

	return 0;

	}