authorDirk Feytons <dirk.feytons@gmail.com>2017-11-14 22:22:47 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-11-15 11:09:21 +0100
commitd3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6 (patch)
treeb00d7a70d2f1a13c1f1731e124064abce7d86cc4
parenta9f669896f60864cb2e3c1e4bb292b4c749eb6d1 (diff)
downloadcurl-d3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6.tar.gz
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Fixes #2079 Closes #2081
-rw-r--r--lib/vtls/openssl.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3ed265f81..6cd813bf3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(pktmp);
}
-#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY)
+#if !defined(OPENSSL_NO_RSA)
{
/* If RSA is used, don't check the private key if its flags indicate
* it doesn't support it. */
EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
- if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) {
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(priv_key);
+#else
+ pktype = priv_key->type;
+#endif
+ if(pktype == EVP_PKEY_RSA) {
RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
check_privkey = FALSE;
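Review bot: The new `pktype = priv_key->type;` (and `EVP_PKEY_id(priv_key)` in the opaque branch) uses the result of `SSL_get_privatekey(ssl)` without a NULL check, and the hunk does not show whether a key is guaranteed to be loaded at this point in `cert_stuff`. If that is not guaranteed by code outside the hunk, guard both assignments, e.g. `pktype = priv_key ? EVP_PKEY_id(priv_key) : EVP_PKEY_NONE;` and `pktype = priv_key ? priv_key->type : EVP_PKEY_NONE;`. The same applies to the existing context line below it: `EVP_PKEY_get1_RSA()` can return NULL, so `if(rsa && (RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK))` would be safer now that this path is also compiled for builds without `HAVE_OPAQUE_EVP_PKEY`. Since this block disables the private-key consistency check, a short comment saying which kind of key is expected to set `RSA_METHOD_FLAG_NO_CHECK` would help the next reader judge whether skipping it is acceptable. The enclosing block continues past the end of the hunk, so the release of the `rsa` reference is not visible here.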