1 files changed, 22 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 48f247ceac..0596b7c5b8 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -191,16 +191,33 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef NO_DH
        if (cert->dh_tmp != NULL)
                {
-                /* DH parameters don't have a reference count (and cannot
+                /* DH parameters don't have a reference count */
-                 * reasonably be shared anyway, as the secret exponent may
-                 * be created just when it is needed -- earlier library
-                 * versions did not pay attention to this) */
                ret->dh_tmp = DHparams_dup(cert->dh_tmp);
                if (ret->dh_tmp == NULL)
                        {
-                        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);
+                        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
                        goto err;
                        }
+                if (cert->dh_tmp->priv_key)
+                        {
+                        BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
+                        if (!b)
+                                {
+                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+                                goto err;
+                                }
+                        ret->dh_tmp->priv_key = b;
+                        }
+                if (cert->dh_tmp->pub_key)
+                        {
+                        BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
+                        if (!b)
+                                {
+                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+                                goto err;
+                                }
+                        ret->dh_tmp->pub_key = b;
+                        }
                }
        ret->dh_tmp_cb = cert->dh_tmp_cb;
 #endif

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 48f247ceac..0596b7c5b8 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -191,16 +191,33 @@ CERT ssl_cert_dup(CERT cert)
191	#ifndef NO_DH	191	#ifndef NO_DH
192	if (cert->dh_tmp != NULL)	192	if (cert->dh_tmp != NULL)
193	{	193	{
194	/* DH parameters don't have a reference count (and cannot	194	/* DH parameters don't have a reference count */
195	* reasonably be shared anyway, as the secret exponent may
196	* be created just when it is needed -- earlier library
197	* versions did not pay attention to this) */
198	ret->dh_tmp = DHparams_dup(cert->dh_tmp);	195	ret->dh_tmp = DHparams_dup(cert->dh_tmp);
199	if (ret->dh_tmp == NULL)	196	if (ret->dh_tmp == NULL)
200	{	197	{
201	SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);	198	SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
202	goto err;	199	goto err;
203	}	200	}
		201	if (cert->dh_tmp->priv_key)
		202	{
		203	BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
		204	if (!b)
		205	{
		206	SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
		207	goto err;
		208	}
		209	ret->dh_tmp->priv_key = b;
		210	}
		211	if (cert->dh_tmp->pub_key)
		212	{
		213	BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
		214	if (!b)
		215	{
		216	SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
		217	goto err;
		218	}
		219	ret->dh_tmp->pub_key = b;
		220	}
204	}	221	}
205	ret->dh_tmp_cb = cert->dh_tmp_cb;	222	ret->dh_tmp_cb = cert->dh_tmp_cb;
206	#endif	223	#endif