summaryrefslogtreecommitdiff
path: root/lib/vtls/openssl.c
diff options
context:
space:
mode:
authorDirk Feytons <dirk.feytons@gmail.com>2017-11-14 22:22:47 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-11-15 11:09:21 +0100
commitd3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6 (patch)
treeb00d7a70d2f1a13c1f1731e124064abce7d86cc4 /lib/vtls/openssl.c
parenta9f669896f60864cb2e3c1e4bb292b4c749eb6d1 (diff)
downloadcurl-d3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6.tar.gz
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Fixes #2079 Closes #2081
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r--lib/vtls/openssl.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3ed265f81..6cd813bf3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(pktmp);
}
-#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY)
+#if !defined(OPENSSL_NO_RSA)
{
/* If RSA is used, don't check the private key if its flags indicate
* it doesn't support it. */
EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
- if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) {
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(priv_key);
+#else
+ pktype = priv_key->type;
+#endif
+ if(pktype == EVP_PKEY_RSA) {
RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
check_privkey = FALSE;