mirror of
https://abf.rosa.ru/djam/libressl.git
synced 2025-02-23 08:02:54 +00:00
40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From fea5c236fbb0ee848bf6d7044f64042fa511e86f Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
Date: Sat, 28 Mar 2020 22:33:33 +0300
|
|
Subject: [PATCH 70/87] ssl: provide interoperability with CryptoPro CSP
|
|
|
|
Windows CSPs fail to send proper SigAlgs extension (it does not include
|
|
GOST entries even for GOST CipherSuites). To ensure interoperability,
|
|
assume that the server will understand GOST sigalgs if it has sent GOST
|
|
certificate.
|
|
|
|
Sponsored by ROSA Linux
|
|
|
|
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
---
|
|
src/lib/libssl/ssl_sigalgs.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
|
|
index ffa6278eb..97a0b71fc 100644
|
|
--- a/src/lib/libssl/ssl_sigalgs.c
|
|
+++ b/src/lib/libssl/ssl_sigalgs.c
|
|
@@ -379,6 +379,15 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
|
|
return sigalg;
|
|
}
|
|
|
|
+#ifndef OPENSSL_NO_GOST
|
|
+ /* Windows CSPs fail to send proper SigAlgs extension (it does not
|
|
+ * include GOST entries even for GOST CipherSuites). To ensure
|
|
+ * interoperability, assume that the server will understand GOST
|
|
+ * sigalgs if it has sent GOST certificate. */
|
|
+ if (pkey->type == EVP_PKEY_GOSTR01)
|
|
+ return ssl_sigalg_gost_select(s, pkey);
|
|
+#endif
|
|
+
|
|
SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
|
|
return NULL;
|
|
}
|
|
--
|
|
2.17.1
|
|
|