Update from 1.0.0-stable.

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 51ec94b5b17226a1e79d5cd2d26ee4926aefd40d..7aa1c037b25758d97edb56a0cd6bd97e957b7508 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3087,6 +3087,18 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+#ifndef OPENSSL_NO_GOST
+       if (s->version >= TLS1_VERSION)
+               {
+               if (alg_k & SSL_kGOST)
+                       {
+                       p[ret++]=TLS_CT_GOST94_SIGN;
+                       p[ret++]=TLS_CT_GOST01_SIGN;
+                       return(ret);
+                       }
+               }
+#endif
+
 #ifndef OPENSSL_NO_DH
        if (alg_k & (SSL_kDHr|SSL_kEDH))
                {

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 56f17f66d372df39a87a711e30184cf4beae7c4f..c2db3bd6363d32afc07920d329fb54a8d34621c0 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -368,7 +368,7 @@ typedef struct ssl3_buffer_st
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                 7
+#define SSL3_CT_NUMBER                 9
 
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001

diff --git a/ssl/tls1.h b/ssl/tls1.h
index 0ecbc6d1052e4d5959a9b2460b44dfa21fe3f18b..b399db19bb8fe7007800f9c30316ab6fd55e7eac 100644 (file)
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -471,7 +471,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_ECDSA_SIGN              64
 #define TLS_CT_RSA_FIXED_ECDH          65
 #define TLS_CT_ECDSA_FIXED_ECDH        66
-#define TLS_CT_NUMBER                  7
+#define TLS_CT_GOST94_SIGN             21
+#define TLS_CT_GOST01_SIGN             22
+/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there) */
+#define TLS_CT_NUMBER                  9
 
 #define TLS1_FINISH_MAC_LENGTH         12