Don't send a for ServerKeyExchange for kDHr and kDHd

The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-14 23:23:26 +01:00 · 2015-03-14 23:23:26 +01:00 · 93f1c13619
commit 93f1c13619
parent 24a0d3933d
1 changed files with 1 additions and 1 deletions
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@ -484,7 +484,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd))
+                || (alg_k & SSL_kDHE)
                || (alg_k & SSL_kECDHE)
                || ((alg_k & SSL_kRSA)
                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL