Don't send a for ServerKeyExchange for kDHr and kDHd

The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 93f1c13619)
2015-03-14 23:23:26 +01:00 · 2015-03-14 23:23:26 +01:00 · fe82be2b33
commit fe82be2b33
parent 8509128179
1 changed files with 1 additions and 1 deletions
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@ -486,7 +486,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                || (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd))
+                || (alg_k & SSL_kDHE)
                || (alg_k & SSL_kEECDH)
                || ((alg_k & SSL_kRSA)
                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL