Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate

change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.

Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.

1 files changed, 11 insertions, 3 deletions

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 984895f2f1..6bd31c2dea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2287,7 +2287,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(const SSL *s)
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
 	{
 	unsigned long alg_k,alg_a;
 	CERT *c;
@@ -2345,9 +2345,17 @@ X509 *ssl_get_server_send_cert(const SSL *s)
 		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
 		return(NULL);
 		}
-	if (c->pkeys[i].x509 == NULL) return(NULL);
 
-	return(c->pkeys[i].x509);
+	return c->pkeys + i;
+	}
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+	{
+	CERT_PKEY *cpk;
+	cpk = ssl_get_server_send_pkey(s);
+	if (!cpk)
+		return NULL;
+	return cpk->x509;
 	}
 
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)