From fea5c236fbb0ee848bf6d7044f64042fa511e86f Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov
Date: Sat, 28 Mar 2020 22:33:33 +0300
Subject: [PATCH 70/87] ssl: provide interoperability with CryptoPro CSP

Windows CSPs fail to send proper SigAlgs extension (it does not include GOST entries even for GOST CipherSuites). To ensure interoperability, assume that the server will understand GOST sigalgs if it has sent GOST certificate.

Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
 src/lib/libssl/ssl_sigalgs.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index ffa6278eb..97a0b71fc 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -379,6 +379,15 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 return sigalg;
 }
 
+#ifndef OPENSSL_NO_GOST
+ /* Windows CSPs fail to send proper SigAlgs extension (it does not
+ * include GOST entries even for GOST CipherSuites). To ensure
+ * interoperability, assume that the server will understand GOST
+ * sigalgs if it has sent GOST certificate. */
+ if (pkey->type == EVP_PKEY_GOSTR01)
+ return ssl_sigalg_gost_select(s, pkey);
+#endif
+
 SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 return NULL;
 }
-- 
2.17.1
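Review bot: The fallback added at the tail of ssl_sigalg_select() is conditioned only on `pkey->type == EVP_PKEY_GOSTR01`, so it appears to override the peer's advertised signature_algorithms for every peer whenever the earlier search finds no match, not just for the CryptoPro CSP case the comment describes. Nothing visible in the hunk ties the branch to a negotiated GOST cipher suite or to the handshake role the comment mentions ("the server ... has sent GOST certificate"). I would gate it on the negotiated suite being a GOST suite and have the comment state the trade-off, e.g. `/* Interop fallback: deliberately ignores the peer's sigalgs list; only valid when a GOST cipher suite was negotiated. */`. The result of `ssl_sigalg_gost_select()`, which is defined outside this patch, is also returned unchecked, so if it can return NULL this path would skip the `SSLerror()` call that the generic failure path makes. The body of ssl_sigalg_select() begins above the hunk, so the preceding lookup over the peer's list is inferred from the `return sigalg;` context line.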