Diffstat (limited to 'src/lib/libtls/tls_server.c')
-rw-r--r-- | src/lib/libtls/tls_server.c | 6 |
1 files changed, 5 insertions, 1 deletions
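--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.41 2017/08/10 18:18:30 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -50,7 +50,9 @@ tls_server_conn(struct tls *ctx)
 conn_ctx->flags |= TLS_SERVER_CONN;
 
 ctx->config->refcount++;
+
 conn_ctx->config = ctx->config;
+conn_ctx->keypair = ctx->config->keypair;
 
 return (conn_ctx);
 }
@@ -112,6 +114,7 @@ tls_servername_cb(SSL *ssl, int *al, void *arg)
 &match) == -1)
 goto err;
 if (match) {
+conn_ctx->keypair = sni_ctx->keypair;
 SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
 return (SSL_TLSEXT_ERR_OK);
 }
@@ -341,6 +344,7 @@ tls_configure_server_sni(struct tls *ctx)
 tls_set_errorx(ctx, "out of memory");
 goto err;
 }
+(*sni_ctx)->keypair = kp;
 if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
 goto err;
 if (tls_keypair_load_cert(kp, &ctx->error,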
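Review bot: In the tls_servername_cb hunk, `conn_ctx->keypair` is switched to the SNI keypair before `SSL_set_SSL_CTX()` runs, and that call's return value is not checked. If the context switch fails, the connection records one keypair while still presenting the certificate from the previous SSL_CTX, so any code that later picks per-certificate data from `conn_ctx->keypair` would use the wrong entry. I would check the call first and assign only on success: `if (SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx) == NULL) goto err;` followed by `conn_ctx->keypair = sni_ctx->keypair;`. The pointers stored in all three hunks look borrowed rather than owned (an inference, since the keypair's owner is not visible here), so a comment such as `/* borrowed; stays valid while the config reference is held */` in tls_server_conn would make the lifetime rule explicit. The bodies of all three functions extend outside the hunks shown.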