diff options
| -rw-r--r-- | apps/lib/s_cb.c | 2 | ||||
| -rw-r--r-- | include/openssl/ssl3.h | 2 | ||||
| -rw-r--r-- | include/openssl/tls1.h | 8 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 6 |
4 files changed, 11 insertions, 7 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 2e0e9b2407..959568b282 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -190,7 +190,7 @@ static STRINT_PAIR cert_type_list[] = { {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, {"GOST01 Sign", TLS_CT_GOST01_SIGN}, - {"GOST12 Sign", TLS_CT_GOST12_SIGN}, + {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN}, {NULL} }; diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index efef3ccfeb..261545f23f 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -270,7 +270,7 @@ extern "C" { * SSL3_CT_NUMBER is used to size arrays and it must be large enough to * contain all of the cert types defined for *either* SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 10 +# define SSL3_CT_NUMBER 12 # if defined(TLS_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 9181e0d2c1..d0dbf17d63 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1116,14 +1116,16 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS_CT_RSA_FIXED_ECDH 65 # define TLS_CT_ECDSA_FIXED_ECDH 66 # define TLS_CT_GOST01_SIGN 22 -# define TLS_CT_GOST12_SIGN 238 -# define TLS_CT_GOST12_512_SIGN 239 +# define TLS_CT_GOST12_IANA_SIGN 67 +# define TLS_CT_GOST12_IANA_512_SIGN 68 +# define TLS_CT_GOST12_LEGACY_SIGN 238 +# define TLS_CT_GOST12_LEGACY_512_SIGN 239 /* * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 10 +# define TLS_CT_NUMBER 12 # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9902fa3811..a99522a006 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4371,8 +4371,10 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) - && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN); #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { |