Commit 572492aa authored by Benjamin Kaduk's avatar Benjamin Kaduk Committed by Benjamin Kaduk
Browse files

Revert "Delay setting the sig algs until after the cert_cb has been called" 



This reverts commit 524006dd1b80c1a86a20119ad988666a80d8d8f5.

While this change did prevent the sigalgs from getting inadvertently
clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be
set when the cert_cb runs.  This, in turn, caused significant breakage,
such as SSL_check_chain() failing to find any valid chain.  An alternate
approach to fixing the issue from #7244 will follow.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)

(cherry picked from commit 6f34d7bc7d0c7fcd86c6f2772f26e42c925d8505)
parent 9863b419

ssl/statem/statem_srvr.c

+15 −17
Original line number Diff line number Diff line
@@ -2062,6 +2062,10 @@ static int tls_early_post_process_client_hello(SSL *s) 
#else

        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;

#endif

        if (!tls1_set_server_sigalgs(s)) {

            /* SSLfatal() already called */

            goto err;

        }

    }



    sk_SSL_CIPHER_free(ciphers);
@@ -2229,8 +2233,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) 
    if (wst == WORK_MORE_B) {

        if (!s->hit || SSL_IS_TLS13(s)) {

            /* Let cert callback update server certificates if required */

            if (!s->hit) {

                if (s->cert->cert_cb != NULL) {

            if (!s->hit && s->cert->cert_cb != NULL) {

                int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);

                if (rv == 0) {

                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
@@ -2244,11 +2247,6 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) 
                }

                s->rwstate = SSL_NOTHING;

            }

                if (!tls1_set_server_sigalgs(s)) {

                    /* SSLfatal already called */

                    goto err;

                }

            }



            /* In TLSv1.3 we selected the ciphersuite before resumption */

            if (!SSL_IS_TLS13(s)) {