generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

For TLS < 1.2 use default digest for client certificate

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-11-29 14:13:33 +00:00
parent 152fbc28e8
commit aa430c7467
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/statem/statem_srvr.c
View File

@ -3015,11 +3015,17 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG #ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif #endif
} else if (pkey->type == EVP_PKEY_RSA) {
md = EVP_md5_sha1();
} else { } else {
md = EVP_sha1(); /* Use default digest for this key type */
int idx = ssl_cert_type(NULL, pkey);
if (idx >= 0)
md = s->s3->tmp.md[idx];
if (md == NULL) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
} }
if (!PACKET_get_net_2(pkt, &len)) { if (!PACKET_get_net_2(pkt, &len)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;