Fix some client side transition logic (a455d0f6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit a455d0f6 authored Sep 14, 2015 by

Matt Caswell

Fix some client side transition logic

Fixed some issues in the logic for determining whether an SKE should be
expected or not. In particular only allow an SKE for RSA if its export and
the key size is not allowed. Also fix the ephemeral ciphersuite checks and
add in a missing call to ssl3_check_cert_and_algorithm().

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

parent f3b9257f

Hide whitespace changes

Inline Side-by-side

Please register or to comment