For TLS 1.3 retrieve previously set certificate index

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
Dr. Stephen Henson 2017-01-31 18:32:41 +00:00
parent e10dbdbfea
commit c19b863e81
1 changed files with 8 additions and 5 deletions


@ -2838,11 +2838,14 @@ static int ssl_get_server_cert_index(const SSL *s)
{
int idx;
/*
* TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the
* ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite
* forces the use of an RSA cert. This will need to change.
*/
if (SSL_IS_TLS13(s)) {
if (s->s3->tmp.sigalg == NULL) {
SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
return -1;
}
return s->s3->tmp.cert_idx;
}
idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
idx = SSL_PKEY_RSA_SIGN;
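Review bot: The TLS 1.3 branch returns `s->s3->tmp.cert_idx` after checking only that `s->s3->tmp.sigalg` is non-NULL, so the index is valid only if both fields are always set together, which the hunk does not show. A short comment above the check, such as `/* cert_idx is set together with sigalg when the signature algorithm is selected */`, would record that coupling for the next reader. Callers presumably use the result to select an entry in `s->cert->pkeys[]`, so a range check before the return, e.g. `if (s->s3->tmp.cert_idx < 0 || s->s3->tmp.cert_idx >= SSL_PKEY_NUM)` taking the same `ERR_R_INTERNAL_ERROR` path, would turn a stale or unset value into a handshake failure rather than an out-of-range index. The body of `ssl_get_server_cert_index` continues past the end of the hunk, so whether the later code already validates the index cannot be seen from here.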