diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-03-27 16:05:10 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-09-18 13:46:02 +0100 |
commit | 919834dc847d0652c58da641f867fe21ad2774ac (patch) | |
tree | 25d35e8d4ac188ada0a562573ebb15f6181271c7 /ssl | |
parent | efc17286f86fd55496c28021fce475a0ffe1957a (diff) |
Update fixed DH requirements.
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2
too.
(cherry picked from commit fbbaaccaca32742f09dfb02e5e28dcd20f64a17f)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e9c716ff95..fea40acefb 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3404,14 +3404,14 @@ int ssl3_check_cert_and_algorithm(SSL *s) SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); goto f_err; } - else if ((alg_k & SSL_kDHr) && (TLS1_get_version(s) < TLS1_2_VERSION) && + else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); goto f_err; } #ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && (TLS1_get_version(s) < TLS1_2_VERSION) && + else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); |