1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 15:48:49 -05:00

openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY

Fixes #2079
Closes #2081
This commit is contained in:
Dirk Feytons 2017-11-14 22:22:47 +01:00 committed by Daniel Stenberg
parent a9f669896f
commit d3ab7c5a21
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp);
} }
#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY) #if !defined(OPENSSL_NO_RSA)
{ {
/* If RSA is used, don't check the private key if its flags indicate /* If RSA is used, don't check the private key if its flags indicate
* it doesn't support it. */ * it doesn't support it. */
EVP_PKEY *priv_key = SSL_get_privatekey(ssl); EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) { int pktype;
#ifdef HAVE_OPAQUE_EVP_PKEY
pktype = EVP_PKEY_id(priv_key);
#else
pktype = priv_key->type;
#endif
if(pktype == EVP_PKEY_RSA) {
RSA *rsa = EVP_PKEY_get1_RSA(priv_key); RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK) if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
check_privkey = FALSE; check_privkey = FALSE;