openssl/ssl
Matt Caswell 5235ef44b9 Fix SSL_check_chain()
The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.

We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
..
record Fix SSL_MODE_RELEASE_BUFFERS functionality 2019-08-05 17:12:21 +01:00
statem Use allow_early_data_cb from SSL instead of SSL_CTX 2019-08-01 11:38:52 +10:00
bio_ssl.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
build.info Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
d1_lib.c Remove function name from errors 2019-07-16 05:26:28 +02:00
d1_msg.c issue-8998: Ensure that the alert is generated and reaches the remote 2019-05-30 11:30:54 +01:00
d1_srtp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
methods.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
pqueue.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
s3_cbc.c Structure alignment macro. 2019-05-01 08:37:11 +10:00
s3_enc.c Change OSSL_PARAM return size to not be a pointer. 2019-06-24 14:43:55 +10:00
s3_lib.c API to get negotiated key exchange algorithm in TLS1.3 2019-08-06 12:04:52 +01:00
s3_msg.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_asn1.c constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION 2019-03-06 16:10:09 +00:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
ssl_ciph.c Change cipher default strings to a function 2019-06-11 09:44:26 +01:00
ssl_conf.c Add option to disable Extended Master Secret 2019-02-15 10:11:18 +00:00
ssl_err.c Regenerate mkerr files 2019-07-16 05:26:28 +02:00
ssl_init.c Adapt OPENSSL_INIT_DEBUG to the new generic trace API 2019-03-06 11:15:13 +01:00
ssl_lib.c Replace FUNCerr with ERR_raise_data 2019-08-02 11:41:54 +02:00
ssl_locl.h API to get negotiated key exchange algorithm in TLS1.3 2019-08-06 12:04:52 +01:00
ssl_mcnf.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_rsa.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
ssl_sess.c Following the previous 2 commits also move ecpointformats out of session 2019-06-18 13:36:25 +01:00
ssl_stat.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_txt.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_utst.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
t1_enc.c Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. 2019-05-27 20:28:18 +10:00
t1_lib.c Fix SSL_check_chain() 2019-08-09 17:29:39 +01:00
t1_trce.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
tls13_enc.c Coverity fixes 2019-06-06 09:34:17 +10:00
tls_srp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00