From b583ebb7ddf15d673ff9a918818acb584e17ea6a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 18 Apr 2012 17:03:45 +0000
Subject: [PATCH] recognise X9.42 DH certificates on servers

---
 crypto/evp/p_lib.c | 2 +-
 ssl/s3_both.c      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index e26ccd0d08..109188c45b 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -348,7 +348,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 	{
-	if(pkey->type != EVP_PKEY_DH) {
+	if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
 		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 2beb818e2b..fc339665dc 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -520,7 +520,7 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 		{
 		ret = SSL_PKEY_GOST01;
 		}
-	else if (x && i == EVP_PKEY_DH)
+	else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX))
 		{
 		/* For DH two cases: DH certificate signed with RSA and
 		 * DH certificate signed with DSA.