1 files changed, 8 insertions, 12 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 3e168a0b54..4b52f6cf62 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.92 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -561,7 +561,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
         X509 *cert = NULL;
         EVP_PKEY *pkey;
         const uint8_t *p;
-        int cert_idx, alert_desc;
+        int alert_desc, cert_type;
         int ret = 0;
 
         if ((certs = sk_X509_new_null()) == NULL)
@@ -625,24 +625,20 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                 goto err;
         if (EVP_PKEY_missing_parameters(pkey))
                 goto err;
-        if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
+        if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
                 goto err;
 
-        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        s->session->cert_chain = certs;
-        certs = NULL;
-
-        X509_up_ref(cert);
-        X509_free(s->session->peer_pkeys[cert_idx].x509);
-        s->session->peer_pkeys[cert_idx].x509 = cert;
-        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
-
         X509_up_ref(cert);
         X509_free(s->session->peer_cert);
         s->session->peer_cert = cert;
+        s->session->peer_cert_type = cert_type;
 
         s->session->verify_result = s->verify_result;
 
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
+        s->session->cert_chain = certs;
+        certs = NULL;
+
         if (ctx->ocsp_status_recv_cb != NULL &&
             !ctx->ocsp_status_recv_cb(ctx))
                 goto err;