authorChad MILLER <chad@mysql.com>2008-11-18 11:45:44 -0500
committerChad MILLER <chad@mysql.com>2008-11-18 11:45:44 -0500
commit480046c52e5938582a67223606f3813336b4405a (patch)
treeb87f05fc39eed27de853996e960ad1684b4c362c /extra/yassl/include/cert_wrapper.hpp
parent8e682f8c1709709867c932e6dd939f94112f337d (diff)
Bug#39178: non-RSA keys in connection to a RSA-keyed yaSSL-using server \
using crashes server When the server is configured to use a RSA key, and when the client sends a cipher-suite list that contains a non-RSA key as acceptable, the server would try to process that key even though it was impossible. Now, yaSSL sets its own acceptable-cipher list according to what kind of key the server is started with, and will never explore and try to pair impossible combinations. This involves a partial import of the current YaSSL tree, not the whole thing, so as to try to avoid introducing new bugs. (Updated to avoid many whitespace changes and make diff smaller.)
Diffstat (limited to 'extra/yassl/include/cert_wrapper.hpp')
-rw-r--r--extra/yassl/include/cert_wrapper.hpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/extra/yassl/include/cert_wrapper.hpp b/extra/yassl/include/cert_wrapper.hpp
index ce8003aa4cf..572b9f87293 100644
--- a/extra/yassl/include/cert_wrapper.hpp
+++ b/extra/yassl/include/cert_wrapper.hpp
@@ -34,6 +34,7 @@
#include "yassl_types.hpp" // SignatureAlgorithm
#include "buffer.hpp" // input_buffer
#include "asn.hpp" // SignerList
+#include "openssl/ssl.h" // internal and external use
#include STL_LIST_FILE
#include STL_ALGORITHM_FILE
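Review bot: The trailing comment on the added include, `// internal and external use`, does not follow the convention of the three includes above it, which each name the symbol they are needed for. If the header is pulled in for the callback type used further down in this file (presumably `VerifyCallback`; its declaration is not visible here), the comment should say so: `#include "openssl/ssl.h" // VerifyCallback`. Including the public compatibility header from an internal one also widens what every includer of cert_wrapper.hpp sees, so naming the dependency helps a later reader judge whether a narrower header would do.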
@@ -87,6 +88,7 @@ class CertManager {
bool verifyNone_; // no error if verify fails
bool failNoCert_;
bool sendVerify_;
+ VerifyCallback verifyCallback_; // user verify callback
public:
CertManager();
~CertManager();
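Review bot: The new `verifyCallback_` member is a raw callback stored in the class that validates peer certificates, and nothing visible in this diff gives it a null initial value. The constructor definition is outside this page (the diff is limited to cert_wrapper.hpp), so confirm that `CertManager()` lists `verifyCallback_(0)` in its initializer list and that the validation code tests the member before calling through it. An indeterminate function pointer invoked while processing a peer's certificate would be a crash reachable during the handshake, which is the class of failure this commit sets out to remove. The class body begins and ends outside the hunk.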
@@ -118,6 +120,7 @@ public:
void setFailNoCert();
void setSendVerify();
void setPeerX509(X509*);
+ void setVerifyCallback(VerifyCallback);
private:
CertManager(const CertManager&); // hide copy
CertManager& operator=(const CertManager&); // and assign
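Review bot: `setVerifyCallback(VerifyCallback)` is declared with no statement of its contract, and the member comment in the earlier hunk (`// user verify callback`) suggests the callback takes part in peer certificate verification. I would document on the declaration whether the callback's return value can turn a failed verification into an accepted one, and whether passing 0 clears a previously set callback, for example `void setVerifyCallback(VerifyCallback); // 0 clears; see .cpp for how the return value affects verify result`. Callers who install a callback that always reports success would otherwise disable certificate checking without any hint from the header. The class continues outside the hunk.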