Allow combined cert/key once again.

diff --git a/src/ChangeLog b/src/ChangeLog
index 5cd5761f37c662c17f2a9c1db784ba42c541e9b2..4cb560cc8cb6ee6dff08633ad9e3c6554746be43 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2008-04-22  Jim Paris  <jim@jtan.com>
+
+       * openssl.c (ssl_init): Enable combined certificate/key in
+       single file (apparent regression from ~1.9). Resolves issue
+       #22767.
+
 2008-04-22  Steven Schubiger  <schubiger@gmail.com>
 
        * http.c (print_response_line): Changed to make responses always

diff --git a/src/openssl.c b/src/openssl.c
index c33b4ad664b084453289d90138863e01456815ea..1f19a6f6d4b0a40c6cfe6501bfdeef5480d4336b 100644 (file)
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -210,6 +210,13 @@ ssl_init ()
      than examining the error stack after a failed SSL_connect.  */
   SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
 
+  /* Use the private key from the cert file unless otherwise specified. */
+  if (opt.cert_file && !opt.private_key)
+    {
+      opt.private_key = opt.cert_file;
+      opt.private_key_type = opt.cert_type;
+    }
+
   if (opt.cert_file)
     if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
                                       key_type_to_ssl_type (opt.cert_type))