case XSECCryptoKey::KEY_RSA_PUBLIC:
{
RSA* rsa = static_cast<OpenSSLCryptoKeyRSA*>(key.get())->getOpenSSLRSA();
- EVP_PKEY* evp = certEE->cert_info->key->pkey;
+ EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE));
if (rsa && evp && evp->type == EVP_PKEY_RSA &&
- BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) != 0) {
+ BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) == 0) {
log.debug("end-entity certificate matches peer RSA key information");
+ if (evp)
+ EVP_PKEY_free(evp);
return true;
}
+ if (evp)
+ EVP_PKEY_free(evp);
break;
}
case XSECCryptoKey::KEY_DSA_PUBLIC:
{
DSA* dsa = static_cast<OpenSSLCryptoKeyDSA*>(key.get())->getOpenSSLDSA();
- EVP_PKEY* evp = certEE->cert_info->key->pkey;
+ EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE));
if (dsa && evp && evp->type == EVP_PKEY_DSA && BN_cmp(dsa->pub_key,evp->pkey.dsa->pub_key) == 0) {
log.debug("end-entity certificate matches peer DSA key information");
+ if (evp)
+ EVP_PKEY_free(evp);
return true;
}
+ if (evp)
+ EVP_PKEY_free(evp);
break;
}
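Review bot: The DSA branch still compares only `pub_key`, while the RSA branch now compares both `n` and `e`; a DSA public value only identifies a key together with its domain parameters, so a certificate carrying different parameters would still be reported as matching. Consider extending the condition with `BN_cmp(dsa->p,evp->pkey.dsa->p) == 0 && BN_cmp(dsa->q,evp->pkey.dsa->q) == 0 && BN_cmp(dsa->g,evp->pkey.dsa->g) == 0`, after confirming how keys or certificates with omitted parameters should be treated. Separately, the added `if (evp)` guards can be dropped because `EVP_PKEY_free` accepts a null pointer, and storing the match result and releasing `evp` once before testing it would replace the four duplicated frees. The enclosing switch and function start and end outside the hunk.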
curl_easy_setopt(handle,CURLOPT_NOSIGNAL,1);
curl_easy_setopt(handle,CURLOPT_FAILONERROR,1);
curl_easy_setopt(handle,CURLOPT_SSLVERSION,3);
+ // Verification of the peer is via TrustEngine only.
+ curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0);
curl_easy_setopt(handle,CURLOPT_SSL_VERIFYHOST,2);
curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook);
curl_easy_setopt(handle,CURLOPT_READFUNCTION,&curl_read_hook);
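Review bot: With `CURLOPT_SSL_VERIFYPEER` set to 0 when the handle is created, every request on it depends entirely on the TrustEngine callback for peer authentication, and nothing visible here shows what happens when no TrustEngine is installed. The send path further down appears to clear `CURLOPT_SSL_CTX_DATA` in one branch before `curl_easy_perform`, so it is worth confirming that this path refuses to send instead of continuing with an unauthenticated peer. The comment could state that dependency, e.g. `// libcurl chain validation is disabled; the send path must fail closed when no TrustEngine callback is installed.` Also note that `CURLOPT_SSLVERSION,3` on the context line pins the obsolete SSLv3 protocol; a TLS setting such as `CURL_SSLVERSION_TLSv1` or newer would be preferable where the linked libcurl supports it. The handle setup function starts and ends outside the hunk.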
curl_easy_setopt(m_handle,CURLOPT_SSL_CTX_DATA,NULL);
}
- // Verification of the peer is via TrustEngine only.
- curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYPEER,0);
-
// Make the call.
log.debug("sending SOAP message to %s", m_endpoint.c_str());
if (curl_easy_perform(m_handle) != CURLE_OK) {