Update from 1.0.0-stable.

caa97ef1 · Dr. Stephen Henson · d0b72cf4 · caa97ef1 · caa97ef1 · caa97ef1
隐藏空白更改
内联并排

Showing with 18 addition and 2 deletion

ssl/s3_lib.c ssl/s3_lib.c +12 -0

ssl/ssl3.h ssl/ssl3.h +1 -1

ssl/tls1.h ssl/tls1.h +5 -1

未找到文件。
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3087,6 +3087,18 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+#ifndef OPENSSL_NO_GOST
+	if (s->version >= TLS1_VERSION)
+		{
+		if (alg_k & SSL_kGOST)
+			{
+			p[ret++]=TLS_CT_GOST94_SIGN;
+			p[ret++]=TLS_CT_GOST01_SIGN;
+			return(ret);
+			}
+		}
+#endif
 #ifndef OPENSSL_NO_DH
 	if (alg_k & (SSL_kDHr|SSL_kEDH))
 		{

--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -368,7 +368,7 @@ typedef struct ssl3_buffer_st
 * enough to contain all of the cert types defined either for
 * SSLv3 and TLSv1.
 */
-#define SSL3_CT_NUMBER			7
+#define SSL3_CT_NUMBER			9
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001

--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -471,7 +471,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS_CT_ECDSA_SIGN		64
 #define TLS_CT_RSA_FIXED_ECDH		65
 #define TLS_CT_ECDSA_FIXED_ECDH 	66
-#define TLS_CT_NUMBER			7
+#define TLS_CT_GOST94_SIGN		21
+#define TLS_CT_GOST01_SIGN		22
+/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there) */
+#define TLS_CT_NUMBER			9
 #define TLS1_FINISH_MAC_LENGTH		12