diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-01-31 18:00:55 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-02 14:45:10 +0000 |
commit | 5672327522b1a364b9a2010603f1aa0ff58f5718 (patch) | |
tree | c5018a4c1248793126db5c42e3179b4cf2fc52eb /ssl/statem | |
parent | 93a77f9e2c66a4e63f732bb0d04695b4f951febb (diff) | |
download | openssl-5672327522b1a364b9a2010603f1aa0ff58f5718.tar.gz |
Set signature algorithm when choosing cipher
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index f965ae1873..20ea684906 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1797,6 +1797,12 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) goto f_err; } s->s3->tmp.new_cipher = cipher; + if (!tls_choose_sigalg(s)) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + goto f_err; + } /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) s->session->not_resumable = |