openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY

Fixes #2079
Closes #2081
Dirk Feytons 2017-11-14 22:22:47 +01:00 committed by Daniel Stenberg
parent a9f669896f
commit d3ab7c5a21
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 2 deletions


@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(pktmp);
}
#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY)
#if !defined(OPENSSL_NO_RSA)
{
/* If RSA is used, don't check the private key if its flags indicate
* it doesn't support it. */
EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) {
int pktype;
#ifdef HAVE_OPAQUE_EVP_PKEY
pktype = EVP_PKEY_id(priv_key);
#else
pktype = priv_key->type;
#endif
if(pktype == EVP_PKEY_RSA) {
RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
check_privkey = FALSE;
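Review bot: Neither `priv_key` nor `rsa` is checked for NULL in this block: `priv_key->type` (or `EVP_PKEY_id(priv_key)` on the opaque branch) follows directly after `SSL_get_privatekey(ssl)`, and `RSA_flags(rsa)` directly after `EVP_PKEY_get1_RSA(priv_key)`. Both getters can return NULL, and because the block is now compiled for every build without `OPENSSL_NO_RSA`, the raw `->type` dereference is reachable on builds that previously skipped it. Whether a NULL key can actually arrive here depends on the part of cert_stuff above the hunk, which is not visible, and the block's closing lines are also outside the hunk. I would wrap the `pktype` lookup and the RSA branch in `if(priv_key) {` and change the flag test to `if(rsa && (RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK))`. Since `check_privkey = FALSE` turns a verification step off, a short comment naming the key types expected to set `RSA_METHOD_FLAG_NO_CHECK` would make the widened scope easier to audit.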