Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA

using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
author: Dr. Stephen Henson <steve@openssl.org> 2011-08-14 13:45:19 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-08-14 13:45:19 +0000
commit: 1f59a84308f638f6bce1d0d3432134457b49d9d8 (patch)
tree: fc946dc456742f43b52b40bf42035bc77c82f381 /CHANGES
parent: bf3dfe7feee5f62ba1e4367720819255db039f29 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 011df12db3..65bbce6c39 100644
--- a/CHANGES
+++ b/CHANGES
@@ -404,6 +404,11 @@
 
  Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
 
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
   *) Add protection against ECDSA timing attacks as mentioned in the paper
      by Billy Bob Brumley and Nicola Tuveri, see:
author	Dr. Stephen Henson <steve@openssl.org>	2011-08-14 13:45:19 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-08-14 13:45:19 +0000
commit	1f59a84308f638f6bce1d0d3432134457b49d9d8 (patch)
tree	fc946dc456742f43b52b40bf42035bc77c82f381 /CHANGES
parent	bf3dfe7feee5f62ba1e4367720819255db039f29 (diff)