From b2141841601645dfb19fe6f768b6394d9551d08c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 18 Apr 2012 17:03:29 +0000
Subject: [PATCH] recognise X9.42 DH certificates on servers

---
 crypto/evp/p_lib.c | 2 +-
 ssl/s3_both.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index e26ccd0d08..109188c45b 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 	{
-	if(pkey->type != EVP_PKEY_DH) {
+	if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
 		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 11a9998c59..349531460d 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -524,7 +524,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 		{
 		ret = SSL_PKEY_GOST01;
 		}
-	else if (x && i == EVP_PKEY_DH)
+	else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
 		{
 		/* For DH two cases: DH certificate signed with RSA and
 		 * DH certificate signed with DSA.
-- 
2.40.0