generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,

Browse Source 
and allow more general RSA OIDs for ECC certs with RSA CA sig.
This commit is contained in:
Bodo Möller
2006-06-15 18:28:00 +00:00
parent 09e20e0bd8
commit 076944d920
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/s3_lib.c
View File

@@ -2309,7 +2309,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_EC
if (
/* if we are considering an ECC cipher suite that uses our certificate */
(alg & SSL_aECDSA)
(alg & SSL_aECDSA || alg & SSL_aECDH)
/* and we have an ECC certificate */
&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
/* and the client specified a Supported Point Formats extension */
@@ -2361,7 +2361,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
if (
/* if we are considering an ECC cipher suite that uses our certificate */
(alg & SSL_aECDSA)
(alg & SSL_aECDSA || alg & SSL_aECDH)
/* and we have an ECC certificate */
&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
/* and the client specified an EllipticCurves extension */
@@ -2411,7 +2411,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
if (
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
((alg & SSL_kECDH) || (alg & SSL_kEECDH))
(alg & SSL_kEECDH)
/* and we have an ephemeral EC key */
&& (s->cert->ecdh_tmp != NULL)
/* and the client specified an EllipticCurves extension */