Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()
In commit 6aca8d1a ("Honour mandatory digest on private key in has_usable_cert()") I added two checks for the capabilities of the EVP_PKEY being used. One of them was wrong, as it should only be checking the signature of the X.509 cert (by its issuer) against the sigalgs given in a TLS v1.3 signature_algorithms_cert extension. Remove it. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9705)
Showing
想要评论请 注册 或 登录