From d3ab7c5a21ebfa0e3ceb3a395f23aceb5ddc58b6 Mon Sep 17 00:00:00 2001 From: Dirk Feytons Date: Tue, 14 Nov 2017 22:22:47 +0100 Subject: openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY Fixes #2079 Closes #2081 --- lib/vtls/openssl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 3ed265f81..6cd813bf3 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn, EVP_PKEY_free(pktmp); } -#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY) +#if !defined(OPENSSL_NO_RSA) { /* If RSA is used, don't check the private key if its flags indicate * it doesn't support it. */ EVP_PKEY *priv_key = SSL_get_privatekey(ssl); - if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) { + int pktype; +#ifdef HAVE_OPAQUE_EVP_PKEY + pktype = EVP_PKEY_id(priv_key); +#else + pktype = priv_key->type; +#endif + if(pktype == EVP_PKEY_RSA) { RSA *rsa = EVP_PKEY_get1_RSA(priv_key); if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK) check_privkey = FALSE; -- cgit v1.2.3