From b625f466ed086e94acecb66a8ddd3309cb0e3006 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 15 Aug 2016 14:04:23 +0000
Subject: Explicitly pass in an SSL_CTX * to the functions that operate on one, instead of assuming that they should use the one associated with the TLS context. This allows these functions to be used with the additional SSL contexts that are needed to support server-side SNI. Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that these functions have a common prefix. ok reyk@
---
 src/lib/libtls/tls_client.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'src/lib/libtls/tls_client.c')
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 3847f4c46c..c360ecad52 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.33 2016/04/28 17:05:59 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.34 2016/08/15 14:04:23 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -193,9 +193,10 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto err;
 }
- if (tls_configure_ssl(ctx) != 0)
+ if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
 goto err;
- if (tls_configure_keypair(ctx, ctx->ssl_ctx, ctx->config->keypair, 0) != 0)
+ if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
+ ctx->config->keypair, 0) != 0)
 goto err;
 if (ctx->config->verify_name) {
@@ -204,9 +205,9 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto err;
 }
 }
-
 if (ctx->config->verify_cert &&
- (tls_configure_ssl_verify(ctx, SSL_VERIFY_PEER) == -1))
+ (tls_configure_ssl_verify(ctx, ctx->ssl_ctx,
+ SSL_VERIFY_PEER) == -1))
 goto err;
 if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
--
cgit v1.2.3-55-g6feb
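Review bot: The trailing `0` in the rewrapped `tls_configure_ssl_keypair()` call is a bare literal, so the call site does not say what it controls on the client path. Since the line is being reflowed anyway, name the argument inline, e.g. `ctx->config->keypair, 0 /* required */) != 0)`. The parameter appears to be called `required` in libtls, but the callee is not part of this page, so confirm the name and meaning against its definition. tls_connect_fds() starts and ends outside the hunk.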
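Review bot: The rewritten `tls_configure_ssl_verify()` call still tests `== -1`, while the two configuration calls in the previous hunk test `!= 0`. If the callee ever reports failure with any other non-zero value, this branch would not take `goto err` and the code would go on to `SSL_new()` without `SSL_VERIFY_PEER` having been applied to `ctx->ssl_ctx`. Since the line is being touched, make the check fail closed and match its neighbours: `SSL_VERIFY_PEER) != 0))`. The callee's return values are not visible on this page, so this is a consistency and hardening point, not a confirmed bug. The enclosing function continues outside the hunk.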