Set signature algorithm when choosing cipher

author Dr. Stephen Henson <steve@openssl.org>

Tue, 31 Jan 2017 18:00:55 +0000 (18:00 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 2 Feb 2017 14:45:10 +0000 (14:45 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 31 Jan 2017 18:00:55 +0000 (18:00 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 2 Feb 2017 14:45:10 +0000 (14:45 +0000)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index f965ae1873356752d099d0fc22db4364ac640972..20ea684906c71719f3fbacb893f7cef27611b67c 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1797,6 +1797,12 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
                  goto f_err;
              }
              s->s3->tmp.new_cipher = cipher;
+            if (!tls_choose_sigalg(s)) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                       SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                goto f_err;
+            }
              /* check whether we should disable session resumption */
              if (s->not_resumable_session_cb != NULL)
                  s->session->not_resumable =
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 31 Jan 2017 18:00:55 +0000 (18:00 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 2 Feb 2017 14:45:10 +0000 (14:45 +0000)