author | Dr. Stephen Henson <steve@openssl.org> | 2014-11-17 16:52:59 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-11-19 14:44:42 +0000 |
commit | 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c (patch) | |
tree | 510358647858bd3eaf9cbcb0badcd5ad5e0f1ff7 /ssl/s3_srvr.c | |
parent | 9ef1d283fea54f297e35327fdfdfc62e758dd884 (diff) |

Process signature algorithms before deciding on certificate.

The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).

Reviewed-by: Matt Caswell <matt@openssl.org>

Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index f92084b9f0..cb003a5391 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1371,6 +1371,11 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } ciphers=NULL; + if (!tls1_set_server_sigalgs(s)) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } /* Let cert callback update server certificates if required */ retry_cert: if (s->cert->cert_cb) |
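
Review bot: the new failure branch in ssl3_get_client_hello() exits with `goto err`, while the check immediately above it in the context exits with `goto f_err`, and nothing in the added lines sets an alert value. If `f_err` is the path that sends the fatal alert to the peer, a client whose signature algorithms cannot be processed would see the handshake dropped without one; either route this through `f_err` with an explicit alert, or add a one-line comment stating that tls1_set_server_sigalgs() has already sent the alert on failure. It would also help to put a short comment above the call recording the ordering constraint from the commit message (it must run before the `cert_cb` callback at `retry_cert:` and before cipher selection), so a later refactor does not move it below them. SSL_R_CLIENTHELLO_TLSEXT is a generic reason code for this failure; a more specific one would make the error queue easier to read when diagnosing handshake failures.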