Commit 05b8486e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Don't check certificate type against ciphersuite for TLS 1.3

parent 8f88cb53
+17 −11
@@ -1562,7 +1562,12 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        goto f_err;
    }

    /*
     * Check certificate type is consistent with ciphersuite. For TLS 1.3
     * skip check since TLS 1.3 ciphersuites can be used with any certificate
     * type.
     */
    if (!SSL_IS_TLS13(s)) {
        exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
        if (exp_idx >= 0 && i != exp_idx
            && (exp_idx != SSL_PKEY_GOST_EC ||
@@ -1574,6 +1579,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
                   SSL_R_WRONG_CERTIFICATE_TYPE);
            goto f_err;
        }
    }
    s->session->peer_type = i;

    X509_free(s->session->peer);
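Review bot: With the ciphersuite check wrapped in `if (!SSL_IS_TLS13(s))`, nothing visible in these hunks constrains the server certificate's key type for TLS 1.3, so `s->session->peer_type = i` is recorded for any type that passed the earlier `SSL_R_UNKNOWN_CERTIFICATE_TYPE` test. In TLS 1.3 that constraint should come from the signature algorithms the client offered, presumably enforced where CertificateVerify is processed, but that code is outside this view and should be confirmed. I would extend the new comment to say where the replacement check lives, e.g. `* type; the key type is constrained by the signature algorithm checks instead.` Also confirm `exp_idx` is not read after this block, since it is now assigned only on the non-TLS 1.3 path. The body of tls_process_server_certificate starts and ends outside the hunks shown.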