diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_lib.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4152ef5dcb..4e0eeed028 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4346,22 +4346,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { -#ifndef OPENSSL_NO_DH if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) return 0; -# ifndef OPENSSL_NO_DSA - if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + if (!(alg_a & SSL_aDSS) + && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) return 0; -# endif -#endif /* !OPENSSL_NO_DH */ } if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) return 0; -#ifndef OPENSSL_NO_DSA if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) return 0; -#endif -#ifndef OPENSSL_NO_EC + /* * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE @@ -4370,7 +4365,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) && !(alg_a & SSL_aECDSA) && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) return 0; -#endif + return 1; } |