Commit 51c7d3e8 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Allow signature algorithms in TLS 1.3 certificate request extensions. 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2918)
parent 5d6cca05

ssl/statem/extensions.c

+3 −2
Original line number Diff line number Diff line
@@ -159,8 +159,9 @@ static const EXTENSION_DEFINITION ext_defs[] = { 
    },

    {

        TLSEXT_TYPE_signature_algorithms,

        EXT_CLIENT_HELLO,

        init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,

        EXT_CLIENT_HELLO | EXT_TLS1_3_CERTIFICATE_REQUEST,

        init_sig_algs, tls_parse_ctos_sig_algs,

        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,

        tls_construct_ctos_sig_algs, final_sig_algs

    },

#ifndef OPENSSL_NO_OCSP

ssl/statem/statem_locl.h

+1 −0
Original line number Diff line number Diff line
@@ -53,6 +53,7 @@ 
#define EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0400

#define EXT_TLS1_3_CERTIFICATE              0x0800

#define EXT_TLS1_3_NEW_SESSION_TICKET       0x1000

#define EXT_TLS1_3_CERTIFICATE_REQUEST      0x2000



/* Dummy message type */

#define SSL3_MT_DUMMY   -1