提交 c19b863e 编写于 作者: D Dr. Stephen Henson

For TLS 1.3 retrieve previously set certificate index

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
上级 e10dbdbf
...@@ -2838,11 +2838,14 @@ static int ssl_get_server_cert_index(const SSL *s) ...@@ -2838,11 +2838,14 @@ static int ssl_get_server_cert_index(const SSL *s)
{ {
int idx; int idx;
/* if (SSL_IS_TLS13(s)) {
* TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the if (s->s3->tmp.sigalg == NULL) {
* ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
* forces the use of an RSA cert. This will need to change. return -1;
*/ }
return s->s3->tmp.cert_idx;
}
idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
idx = SSL_PKEY_RSA_SIGN; idx = SSL_PKEY_RSA_SIGN;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册