From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 18 Apr 2012 17:03:29 +0000 (+0000)
Subject: recognise X9.42 DH certificates on servers
X-Git-Tag: master-pre-reformat~1802
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2141841601645dfb19fe6f768b6394d9551d08c;p=openssl

recognise X9.42 DH certificates on servers
---

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index e26ccd0d08..109188c45b 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 	{
-	if(pkey->type != EVP_PKEY_DH) {
+	if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
 		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 11a9998c59..349531460d 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -524,7 +524,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 		{
 		ret = SSL_PKEY_GOST01;
 		}
-	else if (x && i == EVP_PKEY_DH)
+	else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
 		{
 		/* For DH two cases: DH certificate signed with RSA and
 		 * DH certificate signed with DSA.