From d3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6 Mon Sep 17 00:00:00 2001
From: Dirk Feytons
Date: Tue, 14 Nov 2017 22:22:47 +0100
Subject: openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Fixes #2079
Closes #2081
---
 lib/vtls/openssl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'lib/vtls')
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 3ed265f81..6cd813bf3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
 EVP_PKEY_free(pktmp);
 }
-#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY)
+#if !defined(OPENSSL_NO_RSA)
 {
 /* If RSA is used, don't check the private key if its flags indicate
 * it doesn't support it. */
 EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
- if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) {
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(priv_key);
+#else
+ pktype = priv_key->type;
+#endif
+ if(pktype == EVP_PKEY_RSA) {
 RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
 if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
 check_privkey = FALSE;
-- 
cgit v1.2.3
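Review bot: `priv_key` is used without a NULL check in both new branches, and the `#else` branch dereferences it directly with `priv_key->type`. `SSL_get_privatekey()` returns NULL when no key is attached to the SSL object, and whether the earlier part of `cert_stuff` guarantees one is not visible in this hunk. Since this block decides whether the certificate/key consistency check is skipped (`check_privkey = FALSE`), I would make the type lookup defensive: `pktype = priv_key ? EVP_PKEY_id(priv_key) : EVP_PKEY_NONE;` and `pktype = priv_key ? priv_key->type : EVP_PKEY_NONE;`. The block continues past the end of the hunk, so I cannot confirm from here that the reference taken by `EVP_PKEY_get1_RSA()` is released with `RSA_free()` or that `rsa` is checked before `RSA_flags(rsa)`.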