1 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 27256eea81..917be31876 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -160,6 +160,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
        return ssl_x509_store_ctx_idx;
        }
+static void ssl_cert_set_default_md(CERT *cert)
+        {
+        /* Set digest values to defaults */
+#ifndef OPENSSL_NO_DSA
+        cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_RSA
+        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+        cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+#endif
+        }
 CERT *ssl_cert_new(void)
        {
        CERT *ret;
@@ -174,7 +189,7 @@ CERT *ssl_cert_new(void)
        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
        ret->references=1;
+        ssl_cert_set_default_md(ret);
        return(ret);
        }
@@ -307,6 +322,10 @@ CERT *ssl_cert_dup(CERT *cert)
         * chain is held inside SSL_CTX */
        ret->references=1;
+        /* Set digests to defaults. NB: we don't copy existing values as they
+         * will be set during handshake.
+         */
+        ssl_cert_set_default_md(ret);
        return(ret);

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 27256eea81..917be31876 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -160,6 +160,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
160	return ssl_x509_store_ctx_idx;	160	return ssl_x509_store_ctx_idx;
161	}	161	}
162		162
		163	static void ssl_cert_set_default_md(CERT *cert)
		164	{
		165	/* Set digest values to defaults */
		166	#ifndef OPENSSL_NO_DSA
		167	cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
		168	#endif
		169	#ifndef OPENSSL_NO_RSA
		170	cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
		171	cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
		172	#endif
		173	#ifndef OPENSSL_NO_ECDSA
		174	cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
		175	#endif
		176	}
		177
163	CERT *ssl_cert_new(void)	178	CERT *ssl_cert_new(void)
164	{	179	{
165	CERT *ret;	180	CERT *ret;
@@ -174,7 +189,7 @@ CERT *ssl_cert_new(void)
174		189
175	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);	190	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
176	ret->references=1;	191	ret->references=1;
177		192	ssl_cert_set_default_md(ret);
178	return(ret);	193	return(ret);
179	}	194	}
180		195
@@ -307,6 +322,10 @@ CERT ssl_cert_dup(CERT cert)
307	* chain is held inside SSL_CTX */	322	* chain is held inside SSL_CTX */
308		323
309	ret->references=1;	324	ret->references=1;
		325	/* Set digests to defaults. NB: we don't copy existing values as they
		326	* will be set during handshake.
		327	*/
		328	ssl_cert_set_default_md(ret);
310		329
311	return(ret);	330	return(ret);
312		331