Don't check certificate type against ciphersuite for TLS 1.3

Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)

Don't check certificate type against ciphersuite for TLS 1.3
Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
05b8486e · Dr. Stephen Henson · 8f88cb53 · 05b8486e
显示空白变更内容
内联并排

Showing with 17 addition and 11 deletion

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +17 -11

未找到文件。
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1562,7 +1562,12 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        goto f_err;
    }
+    /*
+     * Check certificate type is consistent with ciphersuite. For TLS 1.3
+     * skip check since TLS 1.3 ciphersuites can be used with any certificate
+     * type.
+     */
+    if (!SSL_IS_TLS13(s)) {
        exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
        if (exp_idx >= 0 && i != exp_idx
            && (exp_idx != SSL_PKEY_GOST_EC ||
@@ -1574,6 +1579,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
                   SSL_R_WRONG_CERTIFICATE_TYPE);
            goto f_err;
        }
+    }
    s->session->peer_type = i;
    X509_free(s->session->peer);