Hi Steve. I saw your update (to 1.0.2 and HEAD), and I did start looking at backporting it into my 1.0.1/1.0.0/0.9.8 patches.
ssl_get_server_send_pkey() is not available in 1.0.1 and earlier, so the t1_lib.c patch would have to be something like... + X509 *x; + x = ssl_get_server_send_cert)s); + /* If no certificate can't return certificate status */ + if (x == NULL) + { + s->tlsext_status_expected = 0; + return 1; + } + /* Set current certificate to one we will use so + * SSL_get_certificate et al can pick it up. + */ + s->cert->key->x509 = x; Is it OK to update s->cert->key->x509 like this? On 21/09/12 14:34, Stephen Henson via RT wrote: >> [rob.stradl...@comodo.com - Fri Sep 21 15:02:54 2012]: >> >> Attached are patches for 1.0.0 and 0.9.8. >> >> > > Note, I updated the original change to retain compatibility with > existing behaviour as far as possible. See: > > http://cvs.openssl.org/chngview?cn=22808 > > Steve. > -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org