projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7814cdf) | patch
Tolerate a Certificate using a non-supported group on server side
authorMatt Caswell <matt@openssl.org>
Mon, 12 Mar 2018 17:15:25 +0000 (17:15 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 28 Mar 2018 14:08:09 +0000 (15:08 +0100)
commitdcf8b01f44c4dc5f76ea72093261b61d8a34601b
treeab748a631c3d4c11978653019c6b6dfe9585ef68tree | snapshot
parent7814cdf3ebc0bae649cc46f279ac4e4369d309decommit | diff
Tolerate a Certificate using a non-supported group on server side

If a server has been configured to use an ECDSA certificate, we should
allow it regardless of whether the server's own supported groups list
includes the certificate's group.

Fixes #2033

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5601)
ssl/ssl_locl.h diff | blob | history
ssl/statem/statem_clnt.c diff | blob | history
ssl/t1_lib.c diff | blob | history
test/ssl-tests/20-cert-select.conf diff | blob | history
test/ssl-tests/20-cert-select.conf.in diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.