1 files changed, 6 insertions, 11 deletions

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 27256eea81..a32b2d4446 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -197,10 +197,8 @@ CERT *ssl_cert_dup(CERT *cert)
          * if you find that more readable */
 
         ret->valid = cert->valid;
-        ret->mask_k = cert->mask_k;
-        ret->mask_a = cert->mask_a;
-        ret->export_mask_k = cert->export_mask_k;
-        ret->export_mask_a = cert->export_mask_a;
+        ret->mask = cert->mask;
+        ret->export_mask = cert->export_mask;
 
 #ifndef OPENSSL_NO_RSA
         if (cert->rsa_tmp != NULL)
@@ -502,6 +500,9 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
                 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
                 return(0);
                 }
+        if (s->param)
+                X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
+                                                s->param);
 #if 0
         if (SSL_get_verify_depth(s) >= 0)
                 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -515,10 +516,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 
         X509_STORE_CTX_set_default(&ctx,
                                 s->server ? "ssl_client" : "ssl_server");
-        /* Anything non-default in "param" should overwrite anything in the
-         * ctx.
-         */
-        X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
 
         if (s->verify_callback)
                 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
@@ -755,8 +752,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                         sk_X509_NAME_push(stack,xn);
                 }
 
-        ERR_clear_error();
-
         if (0)
                 {
 err: