generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Process signature algorithms before deciding on certificate.

Browse Source 
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 56e8dc542b)

Conflicts:
	ssl/ssl.h
	ssl/ssl_err.c
This commit is contained in:
Dr. Stephen Henson
2014-11-17 16:52:59 +00:00
parent bcb245a74a
commit e469af8d05
5 changed files with 52 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/s3_srvr.c
View File

@@ -1378,6 +1378,11 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
ciphers=NULL;
if (!tls1_set_server_sigalgs(s))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
goto err;
}
/* Let cert callback update server certificates if required */
retry_cert:
if (s->cert->cert_cb)