From 30a54a48602b448e02ee04c47544d1ba7c29c570 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 3 Jan 2017 09:40:57 -0800 Subject: [PATCH] Multicast 1. Add haveMcast as an exception case for needing a signing key along with havePSK and haveAnon. --- src/internal.c | 13 +++++++++---- src/ssl.c | 8 ++++++-- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/internal.c b/src/internal.c index 249867bf6..87f1fd472 100755 --- a/src/internal.c +++ b/src/internal.c @@ -3725,6 +3725,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) byte haveAnon = 0; byte newSSL; byte haveRSA = 0; + byte haveMcast = 0; (void) haveAnon; /* Squash unused var warnings */ if (!ssl || !ctx) @@ -3751,6 +3752,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef HAVE_ANON haveAnon = ctx->haveAnon; #endif /* HAVE_ANON*/ +#ifdef WOLFSSL_MULTICAST + haveMcast = ctx->haveMcast; +#endif /* WOLFSSL_MULTICAST */ /* decrement previous CTX reference count if exists. * This should only happen if switching ctxs!*/ @@ -3885,11 +3889,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.haveStaticECC, ssl->options.side); #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) - /* make sure server has cert and key unless using PSK or Anon - * This should be true even if just switching ssl ctx */ - if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) + /* make sure server has cert and key unless using PSK, Anon, or + * Multicast. This should be true even if just switching ssl ctx */ + if (ssl->options.side == WOLFSSL_SERVER_END && + !havePSK && !haveAnon && !haveMcast) if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer - || !ssl->buffers.key || !ssl->buffers.key->buffer) { + || !ssl->buffers.key || !ssl->buffers.key->buffer) { WOLFSSL_MSG("Server missing certificate and/or private key"); return NO_PRIVATE_KEY; } diff --git a/src/ssl.c b/src/ssl.c index 24d5cd3fe..af253f5d9 100755 
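Review bot: `haveMcast` is declared unconditionally in SetSSL_CTX but is only read inside the `#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)` block of the third hunk, so builds that define either macro get an unused (or set-but-unused) variable warning. The neighbouring line already handles this for haveAnon; add `(void) haveMcast;` next to `(void) haveAnon; /* Squash unused var warnings */`. The same applies to the `word16 haveMcast = 0;` added in src/ssl.c, where the only read is under `#ifndef NO_CERTS` and there is a `(void)haveAnon;` but no `(void)haveMcast;`. SetSSL_CTX starts and ends outside these hunks.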
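Review bot: The new `!haveMcast` term in the server-side check waives the certificate and private-key requirement on the strength of one context flag, and the updated comment does not say what authenticates the peer in that mode. PSK and Anon explain themselves as exemptions, but multicast does not, so someone auditing this gate cannot tell from the code why skipping the key is safe. I would extend the comment, for example `/* Multicast: no signing key is loaded; peers are authenticated by <mechanism, to be stated by the author> */`. Nothing in the hunk ties the exemption to a DTLS object either; if multicast is only valid over DTLS, that may be worth checking here, though the diff alone does not show whether it is already enforced elsewhere. SetSSL_CTX continues outside the hunk.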
--- a/src/ssl.c +++ b/src/ssl.c @@ -8746,12 +8746,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, { word16 havePSK = 0; word16 haveAnon = 0; + word16 haveMcast = 0; #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) return wolfSSL_accept_TLSv13(ssl); #endif - WOLFSSL_ENTER("SSL_accept()"); #ifdef HAVE_ERRNO_H @@ -8768,6 +8768,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif (void)haveAnon; + #ifdef WOLFSSL_MULTICAST + haveMcast = ssl->options.haveMcast; + #endif + if (ssl->options.side != WOLFSSL_SERVER_END) { WOLFSSL_ERROR(ssl->error = SIDE_ERROR); return SSL_FATAL_ERROR; @@ -8775,7 +8779,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifndef NO_CERTS /* in case used set_accept_state after init */ - if (!havePSK && !haveAnon && + if (!havePSK && !haveAnon && !haveMcast && (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer || !ssl->buffers.key ||
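Review bot: The accept-time check takes its flag from `ssl->options.haveMcast`, while SetSSL_CTX in src/internal.c takes it from `ctx->haveMcast`, and this patch does not show the per-object option being populated from the context. If the two can differ, one gate enforces the certificate/key requirement and the other waives it, which is hard to reason about for a check that decides whether a server may run without a key. Please confirm where `ssl->options.haveMcast` is set, or add a short comment at `haveMcast = ssl->options.haveMcast;` naming the function that sets it. The enclosing function starts before the first ssl.c hunk, and the `if` condition runs past the end of the last one.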