openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY

author Dirk Feytons <dirk.feytons@gmail.com>

Tue, 14 Nov 2017 21:22:47 +0000 (22:22 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 15 Nov 2017 10:09:21 +0000 (11:09 +0100)
author Dirk Feytons <dirk.feytons@gmail.com>
Tue, 14 Nov 2017 21:22:47 +0000 (22:22 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 15 Nov 2017 10:09:21 +0000 (11:09 +0100)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index 3ed265f8190b59788e3826a98de699022297d18b..6cd813bf3bafe3abb15d09c0a893cd52a5d9bcf4 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,12 +838,18 @@ int cert_stuff(struct connectdata *conn,
        EVP_PKEY_free(pktmp);
      }
  
-#if !defined(OPENSSL_NO_RSA) && defined(HAVE_OPAQUE_EVP_PKEY)
+#if !defined(OPENSSL_NO_RSA)
      {
        /* If RSA is used, don't check the private key if its flags indicate
         * it doesn't support it. */
        EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
-      if(EVP_PKEY_id(priv_key) == EVP_PKEY_RSA) {
+      int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+      pktype = EVP_PKEY_id(priv_key);
+#else
+      pktype = priv_key->type;
+#endif
+      if(pktype == EVP_PKEY_RSA) {
          RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
          if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
            check_privkey = FALSE;
author	Dirk Feytons <dirk.feytons@gmail.com>
	Tue, 14 Nov 2017 21:22:47 +0000 (22:22 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 15 Nov 2017 10:09:21 +0000 (11:09 +0100)