Process signature algorithms before deciding on certificate.

The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice). Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-11-17 16:52:59 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-11-19 14:44:42 +0000
commit: 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c (patch)
tree: 510358647858bd3eaf9cbcb0badcd5ad5e0f1ff7 /ssl/s3_srvr.c
parent: 9ef1d283fea54f297e35327fdfdfc62e758dd884 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index f92084b9f0..cb003a5391 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1371,6 +1371,11 @@ int ssl3_get_client_hello(SSL *s)
 			goto f_err;
 			}
 		ciphers=NULL;
+		if (!tls1_set_server_sigalgs(s))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+			goto err;
+			}
 		/* Let cert callback update server certificates if required */
 		retry_cert:		
 		if (s->cert->cert_cb)
author	Dr. Stephen Henson <steve@openssl.org>	2014-11-17 16:52:59 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-11-19 14:44:42 +0000
commit	56e8dc542bd693b2dccea8828b3d8e5fc6932d0c (patch)
tree	510358647858bd3eaf9cbcb0badcd5ad5e0f1ff7 /ssl/s3_srvr.c
parent	9ef1d283fea54f297e35327fdfdfc62e758dd884 (diff)