Error messages for client ECC cert verification.

Also, change the default ciphersuite to give some preference to
ciphersuites with forward secrecy (rather than using a random order).
Bodo Möller
2006-06-15 19:58:22 +00:00
parent b166f13eb5
commit ed3ecd801e
6 changed files with 24 additions and 9 deletions


@@ -164,10 +164,6 @@
static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
#ifndef OPENSSL_NO_ECDH
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
#endif
static const SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -2506,7 +2502,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#ifndef OPENSSL_NO_ECDH
if (idx == SSL_PKEY_ECC)
{
if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
s->s3->tmp.new_cipher) == 0)
{ /* check failed */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);