From e198df53a070da3e29707fd16c5736811a2b1415 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 5 Jan 2018 21:17:45 +0100
Subject: [PATCH] ssl_pick_cert: use the public key for can_do

This is in preparation for support of external private key operations,
where there is no private key object.
---
 library/ssl_srv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 70fe13d79..2034d75f3 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -707,7 +707,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
         MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
                           cur->cert );
 
-        if( ! mbedtls_pk_can_do( cur->key, pk_alg ) )
+        if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) )
         {
             MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
             continue;