From f427f8854a55890994567d188ed08d0483892ae6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 10 Mar 2015 15:35:29 +0000
Subject: [PATCH] Stop checking key-cert match systematically
---
 ChangeLog | 2 ++
 library/ssl_tls.c | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8e1434a08..9f97da75f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,8 @@ Bugfix
 * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
 Changes
+ * ssl_set_own_cert() now longers calls pk_check_pair() since the
+ performance impact was bad for some users (this was introduced in 1.3.10).
 * Move from SHA-1 to SHA-256 in example programs using signatures
 (suggested by Thorsten Mühlfelder).
 * Remove some unneeded inclusions of header files from the standard library
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d83ec746e..77bb9adb2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3973,7 +3973,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
 key_cert->cert = own_cert;
 key_cert->key = pk_key;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
 }
 #if defined(POLARSSL_RSA_C)
@@ -4002,7 +4002,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
 key_cert->cert = own_cert;
 key_cert->key_own_alloc = 1;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
 }
 #endif /* POLARSSL_RSA_C */
@@ -4031,7 +4031,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
 key_cert->cert = own_cert;
 key_cert->key_own_alloc = 1;
- return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
+ return( 0 );
 }
 #endif /* POLARSSL_X509_CRT_PARSE_C */
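Review bot: With `return( 0 );` replacing the `pk_check_pair()` call in ssl_set_own_cert() (hunk at line 3973), a certificate configured with a non-matching private key is now accepted silently, and nothing in the code tells callers that the check has become their responsibility; the same applies to the ssl_set_own_cert_rsa() and ssl_set_own_cert_alt() hunks. A mismatch would presumably only surface later as a handshake failure, which is much harder to diagnose than an error return at configuration time. I would put a comment above each return, e.g. `/* Key/cert consistency is NOT checked here; callers must call pk_check_pair() themselves if they need it */`, and repeat that in the functions' public API documentation, which this commit does not touch. For the _rsa and _alt variants the pk context appears to be built inside the function (`key_own_alloc = 1`), so the documentation should also say how a caller can still verify the pair. All three function bodies start outside their hunks, so any earlier validation is not visible here.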