Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()
In commit 6aca8d1a ("Honour mandatory digest on private key in has_usable_cert()") I added two checks for the capabilities of the EVP_PKEY being used. One of them was wrong, as it should only be checking the signature of the X.509 cert (by its issuer) against the sigalgs given in a TLS v1.3 signature_algorithms_cert extension. Remove it. Reviewed-by:Matt Caswell <matt@openssl.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9705)
Please register or sign in to comment