提交 51c7d3e8 编写于 作者: D Dr. Stephen Henson

Allow signature algorithms in TLS 1.3 certificate request extensions.

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
上级 5d6cca05
......@@ -159,8 +159,9 @@ static const EXTENSION_DEFINITION ext_defs[] = {
},
{
TLSEXT_TYPE_signature_algorithms,
EXT_CLIENT_HELLO,
init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,
EXT_CLIENT_HELLO | EXT_TLS1_3_CERTIFICATE_REQUEST,
init_sig_algs, tls_parse_ctos_sig_algs,
tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
tls_construct_ctos_sig_algs, final_sig_algs
},
#ifndef OPENSSL_NO_OCSP
......
......@@ -53,6 +53,7 @@
#define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
#define EXT_TLS1_3_CERTIFICATE 0x0800
#define EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
#define EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
/* Dummy message type */
#define SSL3_MT_DUMMY -1
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册