commit f365a3e2e552e36f5c885953f5a361267f0d06c6
author Dr. Stephen Henson <steve@openssl.org> Mon Feb 13 16:32:06 2017 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed Feb 15 02:23:54 2017 +0000
tree 04f1ecc586a4d91779bb9c26664bcec3388aca3b
parent 0972bc5cedfb3c8dcf7eae3ab010ed3b47a6f186

Use cert_index and sigalg

Now the certificate and signature algorithm is set in one place we
can use it directly insetad of recalculating it. The old functions
ssl_get_server_send_pkey() and ssl_get_server_cert_index() are no
longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d0e54d9..0ae41cd 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2201,7 +2201,10 @@
         else
             dh_secbits = 80;
     } else {
-        CERT_PKEY *cpk = ssl_get_server_send_pkey(s);
+        CERT_PKEY *cpk;
+        if (s->s3->tmp.cert_idx == -1)
+            return NULL;
+        cpk = &s->cert->pkeys[s->s3->tmp.cert_idx];
         dh_secbits = EVP_PKEY_security_bits(cpk->privatekey);
     }