mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Set the server sig algs before calling the session_secret_cb

Browse Source 
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags".
These are needed when calling ssl3_choose_cipher() which can happen
immediately after calling the session_secret_cb

Fixes #24213

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
This commit is contained in:
Matt Caswell 2024-04-30 14:31:26 +01:00 committed by Tomas Mraz
parent c8dddc61d4
commit 91c7ab27ce
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/statem/statem_srvr.c
View File

@ -1959,6 +1959,11 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
}
}
if (!s->hit && !tls1_set_server_sigalgs(s)) {
/* SSLfatal() already called */
goto err;
}
if (!s->hit
&& s->version >= TLS1_VERSION
&& !SSL_CONNECTION_IS_TLS13(s)
@ -2110,10 +2115,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
#else
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
#endif
if (!tls1_set_server_sigalgs(s)) {
/* SSLfatal() already called */
goto err;
}
}
sk_SSL_CIPHER_free(ciphers);