diff options
author | Matt Caswell <matt@openssl.org> | 2024-04-30 14:31:26 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-06 10:44:14 +0200 |
commit | 91c7ab27cebe4e6f6a6376e0a691736a2534fdd0 (patch) | |
tree | 5154718f324d38be13645dd23766a892513997d7 /ssl | |
parent | c8dddc61d49f84d1667de97e9548f07ccc92dddf (diff) |
Set the server sig algs before calling the session_secret_cb
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb
Fixes #24213
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 47855da5bd..1c38548fe0 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1959,6 +1959,11 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } } + if (!s->hit && !tls1_set_server_sigalgs(s)) { + /* SSLfatal() already called */ + goto err; + } + if (!s->hit && s->version >= TLS1_VERSION && !SSL_CONNECTION_IS_TLS13(s) @@ -2110,10 +2115,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - if (!tls1_set_server_sigalgs(s)) { - /* SSLfatal() already called */ - goto err; - } } sk_SSL_CIPHER_free(ciphers); |