[openssl/openssl] 10f65f: Allow ignoring unknown sigalgs and groups in the c...

Tomáš Mráz noreply at github.com
Wed Mar 6 09:45:09 UTC 2024 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 10f65f7282d07c308cba5e26488bc504f56abc8a
      https://github.com/openssl/openssl/commit/10f65f7282d07c308cba5e26488bc504f56abc8a
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    M ssl/t1_lib.c

  Log Message:
  -----------
  Allow ignoring unknown sigalgs and groups in the configuration

Related to #20789

Signature algorithms and groups in the configuration that are
preceded with ? character and are unknown to libssl are just ignored.
The handling for them is similar to handling of ciphers.
I.e., there should be a failure only in case the configuration produces
no valid sigalgs or groups.

Also ignore duplicate sigalgs and groups as such confiuration errors
should not be fatal.

Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)


  Commit: 2b4cea1edfc0db486b3824ffbf3e520752ce05d1
      https://github.com/openssl/openssl/commit/2b4cea1edfc0db486b3824ffbf3e520752ce05d1
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    M test/sslapitest.c

  Log Message:
  -----------
  Add test for ignoring unknown sigalgs and groups marked with ?

Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)


  Commit: cd2cdb6158086c4904d186c718c887cc693b906d
      https://github.com/openssl/openssl/commit/cd2cdb6158086c4904d186c718c887cc693b906d
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-03-06 (Wed, 06 Mar 2024)

  Changed paths:
    M CHANGES.md
    M doc/man3/SSL_CTX_set1_curves.pod
    M doc/man3/SSL_CTX_set1_sigalgs.pod

  Log Message:
  -----------
  Document that unknown groups and sigalgs marked with ? are ignored

Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)


Compare: https://github.com/openssl/openssl/compare/d6d9277b2e61...cd2cdb615808

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list