Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA

using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
author: Dr. Stephen Henson <steve@openssl.org> 2011-08-14 13:47:30 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-08-14 13:47:30 +0000
commit: cf199fec52be90f5ad0b5ada0984c21ae61f8e86 (patch)
tree: 9800447e85b0fac7110a1e82c78c66632ca95b41 /CHANGES
parent: 165c20c2c44f90af054a0f525bc7524a00b1a65a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index d2a10b01a9..68e7bc4a82 100644
--- a/CHANGES
+++ b/CHANGES
@@ -159,6 +159,11 @@
 
  Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
 
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
   *) Add protection against ECDSA timing attacks as mentioned in the paper
      by Billy Bob Brumley and Nicola Tuveri, see:
author	Dr. Stephen Henson <steve@openssl.org>	2011-08-14 13:47:30 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-08-14 13:47:30 +0000
commit	cf199fec52be90f5ad0b5ada0984c21ae61f8e86 (patch)
tree	9800447e85b0fac7110a1e82c78c66632ca95b41 /CHANGES
parent	165c20c2c44f90af054a0f525bc7524a00b1a65a (diff)