commit e0b564e36265205fe329b40ba4bc35bdd2fe94f8
Author: Christophe Fergeau <cfergeau@redhat.com>
Date:   Wed May 18 15:44:47 2011 +0200

    add our own EVP_PKEY_cmp implementation
    
    This function wasn't available before openssl 0.9.8a, and MacOSX
    Leopard only have openssl 0.9.7. Add our own implementation of
    EVP_PKEY_cmp to be used when openssl doesn't have it.

diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 8e9bbc9..20c3946 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -44,6 +44,61 @@ static int inet_aton(const char* ip, struct in_addr* in_addr)
 }
 #endif
 
+#ifndef HAVE_EVP_PKEY_CMP
+/* From openssl 0.9.8a */
+static int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+	{
+	if (a->type != b->type)
+		return -1;
+
+	if (EVP_PKEY_cmp_parameters(a, b) == 0)
+		return 0;
+
+	switch (a->type)
+		{
+#ifndef OPENSSL_NO_RSA
+	case EVP_PKEY_RSA:
+		if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+			|| BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+			return 0;
+		break;
+#endif
+#ifndef OPENSSL_NO_DSA
+	case EVP_PKEY_DSA:
+		if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
+			return 0;
+		break;
+#endif
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		{
+		int  r;
+		const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+		const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+		               *pb = EC_KEY_get0_public_key(b->pkey.ec);
+		r = EC_POINT_cmp(group, pa, pb, NULL);
+		if (r != 0)
+			{
+			if (r == 1)
+				return 0;
+			else
+				return -2;
+			}
+		}
+ 		break;
+#endif
+#ifndef OPENSSL_NO_DH
+	case EVP_PKEY_DH:
+		return -2;
+#endif
+	default:
+		return -2;
+		}
+
+	return 1;
+	}
+#endif
+
 static int verify_pubkey(X509* cert, const char *key, size_t key_size)
 {
     EVP_PKEY* cert_pubkey = NULL;