Abort handshake if signature algorithm used not supported by peer.

author: Dr. Stephen Henson <steve@openssl.org> 2012-07-24 18:11:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-07-24 18:11:27 +0000
commit: ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (patch)
tree: cb856889245aa324e613bece9db3d79f1dab91c1 /CHANGES
parent: d18b716d259d6d3b68ff7f49d154b9158b98df65 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index fafaf6ddb3..46b23de1da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) If an attempt is made to use a signature algorithm not in the peer
+     preference list abort the handshake. If client has no suitable
+     signature algorithms in response to a certificate request do not
+     use the certificate.
+     [Steve Henson]
+
   *) If server EC tmp key is not in client preference list abort handshake.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2012-07-24 18:11:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-07-24 18:11:27 +0000
commit	ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 (patch)
tree	cb856889245aa324e613bece9db3d79f1dab91c1 /CHANGES
parent	d18b716d259d6d3b68ff7f49d154b9158b98df65 (diff)