diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-11-29 14:13:33 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-11-30 01:13:51 +0000 |
commit | aa430c7467bcb7aa0a88fac45369e3dea7e13a23 (patch) | |
tree | 726f8ae0e59ce8b52dff7c3d30389adf770d2b29 /ssl | |
parent | 152fbc28e80f46dd1183989b3839e89031631806 (diff) |
For TLS < 1.2 use default digest for client certificate
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index dcfb44fdbf..bdeaf7e0e0 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3015,11 +3015,17 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifdef SSL_DEBUG fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); #endif - } else if (pkey->type == EVP_PKEY_RSA) { - md = EVP_md5_sha1(); } else { - md = EVP_sha1(); + /* Use default digest for this key type */ + int idx = ssl_cert_type(NULL, pkey); + if (idx >= 0) + md = s->s3->tmp.md[idx]; + if (md == NULL) { + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } } + if (!PACKET_get_net_2(pkt, &len)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; |