Diffstat (limited to 'src/lib/libtls/tls_server.c')
-rw-r--r--src/lib/libtls/tls_server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 2622e4464f..e1011769f6 100644
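--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.41 2017/08/10 18:18:30 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -50,7 +50,9 @@ tls_server_conn(struct tls *ctx)
  conn_ctx->flags |= TLS_SERVER_CONN;
 
  ctx->config->refcount++;
+
  conn_ctx->config = ctx->config;
+ conn_ctx->keypair = ctx->config->keypair;
 
  return (conn_ctx);
 }
@@ -112,6 +114,7 @@ tls_servername_cb(SSL *ssl, int *al, void *arg)
  &match) == -1)
  goto err;
  if (match) {
+ conn_ctx->keypair = sni_ctx->keypair;
  SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
  return (SSL_TLSEXT_ERR_OK);
  }
@@ -341,6 +344,7 @@ tls_configure_server_sni(struct tls *ctx)
  tls_set_errorx(ctx, "out of memory");
  goto err;
  }
+ (*sni_ctx)->keypair = kp;
  if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
  goto err;
  if (tls_keypair_load_cert(kp, &ctx->error,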
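Review bot: The new `keypair` pointers are non-owning aliases and nothing in the added lines says so: `conn_ctx->keypair = ctx->config->keypair;` in tls_server_conn() relies on the `ctx->config->refcount++` two lines above, while `conn_ctx->keypair = sni_ctx->keypair;` in tls_servername_cb() points at a keypair whose owner is not visible in this diff. If `kp` in tls_configure_server_sni() comes from the config's keypair list (that loop starts outside the hunk), the same refcount covers it, but that should be confirmed, since a connection that outlives the keypair it points to would dereference freed key material. I would add a comment at the first assignment such as `/* Borrowed from the config; valid while conn_ctx holds its config reference. Never freed via conn_ctx. */` and check that the context teardown path only clears this field rather than freeing it. All three functions continue outside the hunks shown.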