I saw your update (to 1.0.2 and HEAD), and I did start looking at
backporting it into my 1.0.1/1.0.0/0.9.8 patches.
ssl_get_server_send_pkey() is not available in 1.0.1 and earlier, so the
t1_lib.c patch would have to be something like...
+ X509 *x;
+ x = ssl_get_server_send_cert)s);
+ /* If no certificate can't return certificate status */
+ if (x == NULL)
+ s->tlsext_status_expected = 0;
+ return 1;
+ /* Set current certificate to one we will use so
+ * SSL_get_certificate et al can pick it up.
+ s->cert->key->x509 = x;
Is it OK to update s->cert->key->x509 like this?
On 21/09/12 14:34, Stephen Henson via RT wrote:
[rob.stradl...@comodo.com - Fri Sep 21 15:02:54 2012]:
Attached are patches for 1.0.0 and 0.9.8.
Note, I updated the original change to retain compatibility with
existing behaviour as far as possible. See:
Senior Research & Development Scientist
COMODO - Creating Trust Online
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager majord...@openssl.org