mirror of
https://github.com/openssl/openssl.git
synced 2025-02-23 14:42:15 +08:00
Set the server sig algs before calling the session_secret_cb
Setting the server sig algs sets up the certificate "s3->tmp.valid_flags". These are needed when calling ssl3_choose_cipher() which can happen immediately after calling the session_secret_cb Fixes #24213 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24309)
This commit is contained in:
parent
c8dddc61d4
commit
91c7ab27ce
@ -1959,6 +1959,11 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!s->hit && !tls1_set_server_sigalgs(s)) {
|
||||||
|
/* SSLfatal() already called */
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
if (!s->hit
|
if (!s->hit
|
||||||
&& s->version >= TLS1_VERSION
|
&& s->version >= TLS1_VERSION
|
||||||
&& !SSL_CONNECTION_IS_TLS13(s)
|
&& !SSL_CONNECTION_IS_TLS13(s)
|
||||||
@ -2110,10 +2115,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
|
|||||||
#else
|
#else
|
||||||
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
|
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
|
||||||
#endif
|
#endif
|
||||||
if (!tls1_set_server_sigalgs(s)) {
|
|
||||||
/* SSLfatal() already called */
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sk_SSL_CIPHER_free(ciphers);
|
sk_SSL_CIPHER_free(ciphers);
|
||||||
|
Loading…
Reference in New Issue
Block a user