root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Allow signature algorithms in TLS 1.3 certificate request extensions. 

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
This commit is contained in:
Dr. Stephen Henson 2017-03-13 13:27:18 +00:00
parent 5d6cca05b0
commit 51c7d3e824
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/statem/extensions.c
View File

@ -159,8 +159,9 @@ static const EXTENSION_DEFINITION ext_defs[] = {
}, },
{ {
TLSEXT_TYPE_signature_algorithms, TLSEXT_TYPE_signature_algorithms,
EXT_CLIENT_HELLO, EXT_CLIENT_HELLO | EXT_TLS1_3_CERTIFICATE_REQUEST,
init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL, init_sig_algs, tls_parse_ctos_sig_algs,
tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
tls_construct_ctos_sig_algs, final_sig_algs tls_construct_ctos_sig_algs, final_sig_algs
}, },
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP

1
ssl/statem/statem_locl.h
View File

@ -53,6 +53,7 @@
#define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400 #define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
#define EXT_TLS1_3_CERTIFICATE 0x0800 #define EXT_TLS1_3_CERTIFICATE 0x0800
#define EXT_TLS1_3_NEW_SESSION_TICKET 0x1000 #define EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
#define EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
/* Dummy message type */ /* Dummy message type */
#define SSL3_MT_DUMMY -1 #define SSL3_MT_DUMMY -1