[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Mon Nov 30 01:16:23 UTC 2015
The branch master has been updated
via aa430c7467bcb7aa0a88fac45369e3dea7e13a23 (commit)
from 152fbc28e80f46dd1183989b3839e89031631806 (commit)
- Log -----------------------------------------------------------------
commit aa430c7467bcb7aa0a88fac45369e3dea7e13a23
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Nov 29 14:13:33 2015 +0000
For TLS < 1.2 use default digest for client certificate
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_srvr.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index dcfb44f..bdeaf7e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3015,11 +3015,17 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
- } else if (pkey->type == EVP_PKEY_RSA) {
- md = EVP_md5_sha1();
} else {
- md = EVP_sha1();
+ /* Use default digest for this key type */
+ int idx = ssl_cert_type(NULL, pkey);
+ if (idx >= 0)
+ md = s->s3->tmp.md[idx];
+ if (md == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
}
+
if (!PACKET_get_net_2(pkt, &len)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
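Review bot: the new `md == NULL` failure path in the else branch sets `al = SSL_AD_INTERNAL_ERROR` and jumps to `f_err` without an `SSLerr()` call, unlike the `PACKET_get_net_2` failure just below it, so nothing in this branch records a reason for the aborted handshake in the error queue; adding `SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_INTERNAL_ERROR);` before setting `al` would fix that. The `md == NULL` test also only catches the `idx < 0` case if `md` was already NULL on entry to this branch, which the hunk does not show; assigning `md = NULL` at the top of the branch, or handling `idx < 0` explicitly, would make the check self-contained.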