Add ssi_st struct in ssl_local.h

README.md

@@ -1,6 +1,6 @@
 # Purpose  
 
-This is a fork of OpenSSL to enable TLS 1.3 authentication through the use of Verifiable Credentials. The original OpenSSL `README` can be found at [OpenSSL](./README-OPENSSL.md)
+This is a fork of OpenSSL to enable TLS 1.3 authentication through the use of Verifiable Credentials. The original OpenSSL `README` can be found at [README-OPENSSL](./README-OPENSSL.md)
 
 # Architecture
 
@@ -12,11 +12,11 @@ We have added the `vcauthtls` option in the `Configure` file to enable VC authen
 
 # Usage
 
-You can create your Self-Sovereign Identity through the `genpkey` application treating the DID Document as the public part and the VC as the private part of an asymmetric keypair.
+The creation of the Self-Sovereign Identity can be performed through the `genpkey` application treating the DID Document as the public part and the VC as the private part of an asymmetric keypair.
 
     openssl genpkey -algorithm VC -out did-document.pem -outpubkey vc.pem -provider default -provider ssi
 
-To perform a TLS 1.3 handshake with VC authentication you can run locally `s_server` and `s_client` applications with the following options:
+A TLS 1.3 handshake with VC authentication can be performed locally by running the `s_server` and `s_client` applications with the following options:
 
     openssl s_server -accept 44330 -www -cert server-vc.pem -key server-did-document.pem -verify 1 -enable_client_rpk -enable_server_rpk -tls1_3 -provider default -provider ssi
 

apps/lib/s_cb.c

@@ -160,12 +160,13 @@ int set_vc_did_stuff(SSL_CTX *ctx, EVP_PKEY *vc, EVP_PKEY *did)
 {
 	if (did == NULL || vc == NULL)
 	        return 1;
-	if (SSL_CTX_use_VC(ctx, vc) <= 0) {
+
+	if (SSL_CTX_use_VC(vc, ctx) <= 0) {
 		BIO_printf(bio_err, "error setting certificate\n");
 		ERR_print_errors(bio_err);
 		return 0;
 	}
-	if (SSL_CTX_use_DID(ctx, did) <= 0) {
+	if (SSL_CTX_use_DID(did, ctx) <= 0) {
 		BIO_printf(bio_err, "error setting private key\n");
 		ERR_print_errors(bio_err);
 		return 0;

apps/s_client.c

@@ -119,12 +119,12 @@ static int ocsp_resp_cb(SSL *s, void *arg);
 static int ldap_ExtendedResponse_parse(const char *buf, long rem);
 static int is_dNS_name(const char *host);
 
-static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
-static int enable_server_rpk = 0;
-
+static const unsigned char cert_type_rpk[] = { 
 #ifndef OPENSSL_NO_VCAUTHTLS
-static const unsigned char cert_type_vc[] = { TLSEXT_cert_type_vc, TLSEXT_cert_type_x509 };
-#endif
+    TLSEXT_cert_type_vc, 
+#endif    
+    TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
+static int enable_server_rpk = 0;
 
 static int saved_errno;
 
@@ -1757,16 +1757,18 @@ int s_client_main(int argc, char **argv)
         key_file = cert_file;
 
 #ifndef OPENSSL_NO_VCAUTHTLS
-    did = load_key(key_file, key_format, 0, pass, e,
-            "client DID document and private key" );
+    if(enable_client_rpk) {
+        did = load_key(key_file, key_format, 0, pass, e,
+                "client DID document and private key" );
         if (did == NULL)
             goto end;
 
-    vc = load_key(cert_file, key_format, 0, pass, e,
-            "client VC" );
-    if (vc == NULL)
+        vc = load_key(cert_file, key_format, 0, pass, e,
+                "client VC" );
+        if (vc == NULL)
             goto end;
-#else
+    } else {
+#endif
     if (key_file != NULL) {
         key = load_key(key_file, key_format, 0, pass, e,
                        "client certificate private key");
@@ -1780,7 +1782,6 @@ int s_client_main(int argc, char **argv)
         if (cert == NULL)
             goto end;
     }
-#endif
 
     if (chain_file != NULL) {
         if (!load_certs(chain_file, 0, &chain, pass, "client certificate chain"))
@@ -1800,6 +1801,9 @@ int s_client_main(int argc, char **argv)
             goto end;
         }
     }
+#ifndef OPENSSL_NO_VCAUTHTLS
+    }
+#endif
 
     if (!load_excert(&exc))
         goto end;
@@ -2057,12 +2061,9 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_VCAUTHTLS
     if(!set_vc_did_stuff(ctx, vc, did))
         goto end;
-#else
+#endif
     if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
         goto end;
-#endif
-
-
 
     if (!noservername) {
         tlsextcbp.biodebug = bio_err;
@@ -2105,31 +2106,16 @@ int s_client_main(int argc, char **argv)
         SSL_set_post_handshake_auth(con, 1);
 
     if (enable_client_rpk)
-#ifndef OPENSSL_NO_VCAUTHTLS
-        if (!SSL_set1_client_cert_type(con, cert_type_vc, sizeof(cert_type_vc))) {
-            BIO_printf(bio_err, "Error setting client certificate types\n");
-            goto end;
-        }
-#else
         if (!SSL_set1_client_cert_type(con, cert_type_rpk, sizeof(cert_type_rpk))) {
             BIO_printf(bio_err, "Error setting client certificate types\n");
             goto end;
         }
-    if (enable_server_rpk) {
-#endif
+
     if (enable_server_rpk)
-#ifndef OPENSSL_NO_VCAUTHTLS
-        if (!SSL_set1_server_cert_type(con, cert_type_vc, sizeof(cert_type_vc))) {
-            BIO_printf(bio_err, "Error setting server certificate types\n");
-            goto end;
-        }
-#else
         if (!SSL_set1_server_cert_type(con, cert_type_rpk, sizeof(cert_type_rpk))) {
             BIO_printf(bio_err, "Error setting server certificate types\n");
             goto end;
         }
-    }
-#endif
 
     if (sess_in != NULL) {
         SSL_SESSION *sess;

apps/s_server.c

@@ -104,12 +104,12 @@ static int use_zc_sendfile = 0;
 
 static const char *session_id_prefix = NULL;
 
-static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
-static int enable_client_rpk = 0;
-
+static const unsigned char cert_type_rpk[] = { 
 #ifndef OPENSSL_NO_VCAUTHTLS
-static const unsigned char cert_type_vc[] = { TLSEXT_cert_type_vc, TLSEXT_cert_type_x509 };
-#endif
+    TLSEXT_cert_type_vc, 
+#endif    
+    TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 };
+static int enable_client_rpk = 0;
 
 #ifndef OPENSSL_NO_DTLS
 static int enable_timeouts = 0;
@@ -1800,6 +1800,7 @@ int s_server_main(int argc, char *argv[])
 
     if (nocert == 0) {
 #ifndef OPENSSL_NO_VCAUTHTLS
+    if(enable_server_rpk) {
         did = load_key(s_key_file, s_key_format, 0, pass, engine,
             "server DID document and private key" );
         if (did == NULL)
@@ -1809,7 +1810,8 @@ int s_server_main(int argc, char *argv[])
             "server VC" );
         if (vc == NULL)
             goto end;
-#else
+    } else {
+#endif
         s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
                          "server certificate private key");
         if (s_key == NULL)
@@ -1838,6 +1840,8 @@ int s_server_main(int argc, char *argv[])
             if (s_cert2 == NULL)
                 goto end;
         }
+#ifndef OPENSSL_NO_VCAUTHTLS
+    }
 #endif
     }
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -2182,10 +2186,9 @@ int s_server_main(int argc, char *argv[])
 #ifndef OPENSSL_NO_VCAUTHTLS
     if(!set_vc_did_stuff(ctx, vc, did))
         goto end;
-#else
+#endif
     if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
         goto end;
-#endif
 
     if (s_serverinfo_file != NULL
         && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
@@ -2322,29 +2325,15 @@ int s_server_main(int argc, char *argv[])
             BIO_printf(bio_s_out, "Error compressing certs on ctx2\n");
     }
     if (enable_server_rpk)
-#ifndef OPENSSL_NO_VCAUTHTLS
-        if (!SSL_CTX_set1_server_cert_type(ctx, cert_type_vc, sizeof(cert_type_vc))) {
-            BIO_printf(bio_s_out, "Error setting server certificate types\n");
-            goto end;
-        }
-#else
         if (!SSL_CTX_set1_server_cert_type(ctx, cert_type_rpk, sizeof(cert_type_rpk))) {
             BIO_printf(bio_s_out, "Error setting server certificate types\n");
             goto end;
         }
-#endif
     if (enable_client_rpk)
-#ifndef OPENSSL_NO_VCAUTHTLS
-        if (!SSL_CTX_set1_client_cert_type(ctx, cert_type_vc, sizeof(cert_type_vc))) {
-            BIO_printf(bio_s_out, "Error setting server certificate types\n");
-            goto end;
-        }
-#else
         if (!SSL_CTX_set1_client_cert_type(ctx, cert_type_rpk, sizeof(cert_type_rpk))) {
             BIO_printf(bio_s_out, "Error setting server certificate types\n");
             goto end;
         }
-#endif
 
     if (rev)
         server_cb = rev_body;

include/openssl/ssl.h.in

@@ -2688,8 +2688,8 @@ __owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t,
 __owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
 
 #ifndef OPENSSL_NO_VCAUTHTLS
-__owur int SSL_CTX_use_VC(SSL_CTX *ctx, EVP_PKEY *vc);
-__owur int SSL_CTX_use_DID(SSL_CTX *ctx, EVP_PKEY *did);
+__owur int SSL_CTX_use_VC(EVP_PKEY *vc, SSL_CTX *ctx);
+__owur int SSL_CTX_use_DID(EVP_PKEY *did, SSL_CTX *ctx);
 #endif
 
 # ifdef  __cplusplus

providers/common/capabilities.c

@@ -218,7 +218,6 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
         if (!cb(param_group_list[i], arg))
             return 0;
 #endif
-
     return 1;
 }
 

root.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUI7ugMaeA+Sq4Ay5Yif+zadCTuzQwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yNDAxMzAxNTI5MTFaFw0yNTAxMjkx
+NTI5MTFaMBIxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC4eBrndNYaDOjVvsx64zMSLrsv39RktUlLO6j9FkIw+42aijrk
+i377ZFffy0qPS1tCGmSKFKjNagUIFBlmk2QWEsJCQ2FUHsJKa56/VxpMV5cY441A
+QqwA83tVZIQqFyqH3dC8ky8cMGcM9Zm/W+QC/+ZJoU0FCMqlkbK0blEPi9TflHF/
+xi/q/1QEmpcDfPbgvNVMQLnY0jqnRGwQNpUyigJtGLySVa+6zV4pIKdbzJnWUtFj
+FHt4Z3clxmM+YmfbKOEr+Nu2b4JtK5zMWlfcogEshzEEg3qEfEAjOQm4v0C4cHjG
+YHFMx62b5o9U4mCsqHDJI1J746F0vnQ+jCf9AgMBAAGjUzBRMB0GA1UdDgQWBBS2
+9DC2Zzm/+74HSfiaGgP405XUwjAfBgNVHSMEGDAWgBS29DC2Zzm/+74HSfiaGgP4
+05XUwjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQChV5AZoXjb
+rOZdn3hFLf7SLvnrTY+qrL1vO5tnXC+XHIkPli3mkcZowfr4WG74xS+CEcnWoXER
+JXz6jFaOE0DeJxJUD4xJQhyAxty6nsfS+q1Y3TOURSXj9SyCT3+ZYgE86nz8tRIm
+uRPhnCVmXNTRT8w6nIuw+6PWRKW28UWVEKIoh6vy4HWRdzzhjc7zVx5uzeyePaCt
+24Rsn9gDMkI1sIIZG/K3g+CvNlf4CEgBHh/7mDOz6ZdatZcG3MqT7lINZypam/eY
+BzzSZGcHPsiPUW7k1OtJH8VaAbKznljLQjYM4jMyLBRK/dCUaoQ//tS60Ob2R8j8
+2hvpyCNAdLRT
+-----END CERTIFICATE-----

server-chain.crt

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUQy2huhhQYIUSucNnuEKPNASJ768wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaW50ZXJtZWRpYXRlIENBMB4XDTI0MDEzMDE1MjkxMVoX
+DTI1MDEyOTE1MjkxMVowFTETMBEGA1UEAwwKc2VydmVyLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKCndjibob8iZp2BVGehxY6HrHQWP4fY1phR
+v78sGXPwXcHqMFEywcCRhACYul9ar/CQQn9/IFBjHTEcc2TmT4a6Grz8/Xm0h2bg
+geY9O8an19TplhYOfJwjFUlb62OyLB/cccIb+v+lTCwCu7rGYbtI0u+ggWwyY+CY
+TcHXwBnk3inrLtYcbqy5ZUwsIGlzLGVsVDM+KPcs75Kjfco25oUTgpwic6XlTLLn
+lSOfTkCuyFmYiovMpUzmMu6yyrCOs3q5E8QZn9jmDupYr8X4dKsvI1nq1T3DIJT+
+B05LS0wHkXQ7DBCay+QiE+S4E9robN/to8mFMn+33WJp/8RkkAcCAwEAAaNCMEAw
+HQYDVR0OBBYEFMC2+QC+0yf2XnpUdqvQ7LABcq0/MB8GA1UdIwQYMBaAFLZaPr9P
+naB0bPReIcTIBC6ZYRX3MA0GCSqGSIb3DQEBCwUAA4IBAQBmR0Xs36vdAhY6u0BH
+j09GKVzpRUZ7JlO8SBnre6mdD8bSFLsy4xqwKUZJXJdciaR0xINeiQtLV/tUbcC+
+fu0LAS7eaDrTnsRb3C8kpMwgAuJeEQYLlqvPYPrKQ55EvR/88Fg2L4pT9nWRNfmm
+Wj1nNyJlYFVP77PVFgSsgNSd2G/rlnysqzpPvrefiB8cVcteHBANkxaZgTGo0jM9
+JJQf0u/FViWNI08R+tsXD3vSwv2DfFYIjQFqyqknMHG4X8YMl9Gc28GWSecsrl3V
+vC6pPYi0G+OC3BmsM8av6eIY92Fy0WHej7ITvmUM/ZdetiMUtNOc8GdK1uwBZOrR
+dJuG
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIUD6iTeyrbhOgSkSADlS3WJSjMhz4wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yNDAxMzAxNTI5MTFaFw0yNTAxMjkx
+NTI5MTFaMBoxGDAWBgNVBAMMD2ludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALoNJ6R7yzR+rEdHVkDum537q1g7McS/Sr/Sn5f2
+fVKsrIKQrDT5aSzpX5DiVIJJ/BSSscQnv/ROHgCk81MlFJQYtulYQam/G/gUphh8
+VlgR+2RobmRjyHaChqf2tJQ53ghdrMJLr+B3td/fkkFytCxQFRLcyPuEGjfUnVkk
+GQxnQCRl1Pn0tRQpxMhpKvHMusnHZJ8oefNjq+8ghAYkOSgBqUr3ANYz2RnSnjWh
+qAZ6Q/XcZywv0DZBUr3TrQU9UfuYdn8+JfmH3Ok8jQrEKmc7Kop2/8dcJQVpVs11
+2LBG8QLO704o2sAO4LxLkAefd4V3t00pt86cvjCZROeZr90CAwEAAaNmMGQwHQYD
+VR0OBBYEFLZaPr9PnaB0bPReIcTIBC6ZYRX3MBIGA1UdEwEB/wQIMAYBAf8CAQAw
+DgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFLb0MLZnOb/7vgdJ+JoaA/jTldTC
+MA0GCSqGSIb3DQEBCwUAA4IBAQA/je7CbyDnVVPKCdmwuzbhAwZIdmuMr53X+MYY
+Eb3QxL2Xs41BrMZfZJYketHeBQXo6Ucl8AsTmX4Lny8Ewz10a+R025L1u+KD3qiQ
+/bnN2fUG2HHNSBRDSh336WEapZetJodTkQ0ubz7y/jZgHgHT9ujN8BJgqp5R8sUw
+axNchiGtUKpk3J7KXqBSvSM9uBz40/kCXSQwtkkYjxUdePhLO7hx9x3uKVRAGgKL
+TYfg/qi5RN7z7l7YhBaY+TZ57zxBFMoC8ePw4JpA7T2S3wAZK4QxaGxTR1CcvJ7O
+vVU1sWKiNYZpVzE2MPNMnVeyM3gaB2DCvk8gRlpVnfFKCXV2
+-----END CERTIFICATE-----

server.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUQy2huhhQYIUSucNnuEKPNASJ768wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaW50ZXJtZWRpYXRlIENBMB4XDTI0MDEzMDE1MjkxMVoX
+DTI1MDEyOTE1MjkxMVowFTETMBEGA1UEAwwKc2VydmVyLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKCndjibob8iZp2BVGehxY6HrHQWP4fY1phR
+v78sGXPwXcHqMFEywcCRhACYul9ar/CQQn9/IFBjHTEcc2TmT4a6Grz8/Xm0h2bg
+geY9O8an19TplhYOfJwjFUlb62OyLB/cccIb+v+lTCwCu7rGYbtI0u+ggWwyY+CY
+TcHXwBnk3inrLtYcbqy5ZUwsIGlzLGVsVDM+KPcs75Kjfco25oUTgpwic6XlTLLn
+lSOfTkCuyFmYiovMpUzmMu6yyrCOs3q5E8QZn9jmDupYr8X4dKsvI1nq1T3DIJT+
+B05LS0wHkXQ7DBCay+QiE+S4E9robN/to8mFMn+33WJp/8RkkAcCAwEAAaNCMEAw
+HQYDVR0OBBYEFMC2+QC+0yf2XnpUdqvQ7LABcq0/MB8GA1UdIwQYMBaAFLZaPr9P
+naB0bPReIcTIBC6ZYRX3MA0GCSqGSIb3DQEBCwUAA4IBAQBmR0Xs36vdAhY6u0BH
+j09GKVzpRUZ7JlO8SBnre6mdD8bSFLsy4xqwKUZJXJdciaR0xINeiQtLV/tUbcC+
+fu0LAS7eaDrTnsRb3C8kpMwgAuJeEQYLlqvPYPrKQ55EvR/88Fg2L4pT9nWRNfmm
+Wj1nNyJlYFVP77PVFgSsgNSd2G/rlnysqzpPvrefiB8cVcteHBANkxaZgTGo0jM9
+JJQf0u/FViWNI08R+tsXD3vSwv2DfFYIjQFqyqknMHG4X8YMl9Gc28GWSecsrl3V
+vC6pPYi0G+OC3BmsM8av6eIY92Fy0WHej7ITvmUM/ZdetiMUtNOc8GdK1uwBZOrR
+dJuG
+-----END CERTIFICATE-----

server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgp3Y4m6G/Imad
+gVRnocWOh6x0Fj+H2NaYUb+/LBlz8F3B6jBRMsHAkYQAmLpfWq/wkEJ/fyBQYx0x
+HHNk5k+Guhq8/P15tIdm4IHmPTvGp9fU6ZYWDnycIxVJW+tjsiwf3HHCG/r/pUws
+Aru6xmG7SNLvoIFsMmPgmE3B18AZ5N4p6y7WHG6suWVMLCBpcyxlbFQzPij3LO+S
+o33KNuaFE4KcInOl5Uyy55Ujn05ArshZmIqLzKVM5jLussqwjrN6uRPEGZ/Y5g7q
+WK/F+HSrLyNZ6tU9wyCU/gdOS0tMB5F0OwwQmsvkIhPkuBPa6Gzf7aPJhTJ/t91i
+af/EZJAHAgMBAAECggEAJui4DLjAwVpzEOWQTDMVdlIstcbnpx6gxq5R6tqi5X4L
+LxppjljlLR7xIfXbeZmsr+44dMmUyXNf0BOsbP0MuLwdGrWJLG9JNeTdASbGcfQX
+pWTXaUsj6erjTmuZRIGUBzlsQc9mCIF/w877qZ4/cE0QbWHpxosjvnMUrgRzbbGq
+uv7mLlh7wdsino1j+/lvKcvtlmrILE69nCUGw6KdV7a1mEwKnTU0yLzSNbffF20J
+wouY3f0WFeDWfJ9pqG3ZMAjsjVF9lw36TmJZhg6+NOHhEOikqAJC2rwUWzqB8/uo
+m4iisfpaOJ8jqEfR/6fjAQwn+HCMqxT0wAMC7DcvbQKBgQDT3SKU3fEGeh6CrZtq
+2ZvPLu7XKSisPIx6eToCwLb222nV03H2la69opifteI/mEOXfvbYGnOoYO5IlYb3
+mcO5d8g3EaR7tP49xW7kwnRdJYyEYLpKvjJo0QyI7zJxC+sGAFsKJfFTO98fcds/
+QKkm8RB4gS6c9UdxZGhRpDQj7QKBgQDCH0Zea0CCcP3sPr7cQ7MnQlv7uS9z455r
+Ijlc1XaImq/GTJYWatmqr0kc6zFjJoJptKrZ9M3MMKMIfkCV5FOdlr+5o0m7lAvL
+PD2bPAaqBgAzE7WoH7sfNr06SbqeY7rDm+sRZfCJ17bC4QNCn6btuitiUdJL1uDX
+Im/KaVitQwKBgEBex8sDQ9/76pk5tibYxwZD9D1bPAhYvTXY7082zmBied2FyPJq
+uBTV+hlMYdmAoci9wrIWF13pVXyoMcG47kbDpglVSuxrKXQLMI5ApqpGZlMyMGfV
+Meu22GAijOjb/iRspzyGGrR3VGtxZHPraXlzdNWoKkl2HKbPIwLrKQxhAoGBALQC
+FFrR0cwjwxMjTBEspiCtpGZUXvB0Dh8CaXbway5ZYs3bjwHSq21fhcjPP8jVmPE0
+m4npPD0wjL3/dRyJ0g+8DqWyCVlr+1PG1Mnya6uWTPEQQc9ZPUfAltBKNkdR64og
+N2a2xMrNwagMx90r9rtTe498mCnDZFOal1d3QMfJAoGAEAbEVeWXWbg7+AzfCPfs
+gOuFBXwH11DnWe4HXK7xxx02nyNAI6g35u9tjw5hDqUKt1atMw1gFzdNOqMeR8gt
+leFMfaksGzikZA2nz1BCdtN0my4UQ8TkxtU51Xuo7iv9ZMfF5DY7kHm+uyKFZSRW
+X3O/tA6yPe2JeO6Vg/EGDjg=
+-----END PRIVATE KEY-----

ssl/ssl_lib.c

@@ -808,8 +808,8 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
         goto sslerr;
 
 #ifndef OPENSSL_NO_VCAUTHTLS
-    s->vc = ssl_vc_dup(ctx->vc);
-    if (s->vc == NULL)
+    s->ssi = ssl_ssi_dup(ctx->ssi);
+    if (s->ssi == NULL)
         goto sslerr;
 #endif
 
@@ -3977,11 +3977,13 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
         goto err;
     }
 
+#ifndef OPENSSL_NO_VCAUTHTLS
     /* initialise did methods */
     if(!ssl_setup_didmethods(ret)) {
         ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
         goto err;
     }
+#endif
 
     if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
         ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
@@ -3994,7 +3996,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
     }
 
 #ifndef OPENSSL_NO_VCAUTHTLS
-    if ((ret->vc = ssl_vc_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
+    if ((ret->ssi = ssl_ssi_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
         goto err;
     }