X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=2f23f2121bd98ff8878d9d6c8738602ba58837c0;hp=28f3bdd6e92259fd74890cead7361d4e9005c8e1;hb=ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1;hpb=d18b716d259d6d3b68ff7f49d154b9158b98df65;ds=sidebyside
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 28f3bdd6e9..2f23f2121b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3051,26 +3051,15 @@ int ssl3_get_cert_verify(SSL *s)
 {
 if (TLS1_get_version(s) >= TLS1_2_VERSION)
 {
- int sigalg = tls12_get_sigid(pkey);
- /* Should never happen */
- if (sigalg == -1)
+ int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
+ if (rv == -1)
 {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
- al=SSL_AD_INTERNAL_ERROR;
+ al = SSL_AD_INTERNAL_ERROR;
 goto f_err;
 }
- /* Check key type is consistent with signature */
- if (sigalg != (int)p[1])
+ else if (rv == 0)
 {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- md = tls12_get_hash(p[0]);
- if (md == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
- al=SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
 goto f_err;
 }
 #ifdef SSL_DEBUG
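Review bot: The call `tls12_check_peer_sigalg(&md, s, p, pkey)` hands over `p` with no length, so the helper cannot itself confirm that the two signature-algorithm bytes (read as `p[0]` and `p[1]` by the removed code) are present in the peer's message. No length check is visible in this hunk, so it is worth confirming that one precedes the call and recording it with a comment such as `/* caller guarantees at least 2 bytes at p for the hash/signature ids */`. All three `SSLerr()` calls are dropped from this function, so both failure branches now depend on the helper queuing an error for every `-1` and `0` return; any helper path that returns without one would send the alert with an empty error queue. The branches also match only the exact values `-1` and `0`, so any other negative return would fall through as success; testing `if (rv <= 0)` and choosing the alert inside would fail closed. The body of ssl3_get_cert_verify starts and ends outside the hunk and the helper is not shown, so these points need checking against its definition.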