Process signature algorithms before deciding on certificate.

The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson
2014-11-17 16:52:59 +00:00
parent 9ef1d283fe
commit 56e8dc542b
5 changed files with 52 additions and 40 deletions


@@ -1371,6 +1371,11 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
ciphers=NULL;
if (!tls1_set_server_sigalgs(s))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
/* Let cert callback update server certificates if required */
retry_cert:
if (s->cert->cert_cb)
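Review bot: The new failure branch uses `goto err` where the failure path just above it in this hunk uses `goto f_err`, so this function sends no fatal alert when `tls1_set_server_sigalgs(s)` returns 0. If the helper sends the alert itself (its body is not in this hunk), a one-line comment such as `/* alert already sent by tls1_set_server_sigalgs() */` would stop a later reader from "correcting" the label; if it does not, the branch should set `al` and use `goto f_err` so the peer sees a clean handshake failure. The call sits before the `retry_cert:` label, so it runs once even when the certificate callback requests a retry; that looks intended and deserves a short comment as well. ssl3_get_client_hello starts and ends outside the hunk.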