Loading ssl/s3_clnt.c +15 −2 Original line number Diff line number Diff line Loading @@ -1833,9 +1833,12 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else { if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) /* aNULL or kPSK do not need public keys */ if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) /* Otherwise this shouldn't happen */ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } Loading Loading @@ -3334,6 +3337,16 @@ int ssl3_check_cert_and_algorithm(SSL *s) return 1; } } else if (alg_a & SSL_aECDSA) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDSA_SIGNING_CERT); goto f_err; } else if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDH_CERT); goto f_err; } #endif pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); Loading ssl/ssl.h +2 −0 Original line number Diff line number Diff line Loading @@ -2624,6 +2624,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 #define SSL_R_MISSING_DSA_SIGNING_CERT 165 #define SSL_R_MISSING_ECDH_CERT 382 #define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 #define SSL_R_MISSING_RSA_CERTIFICATE 168 Loading ssl/ssl_err.c +2 −0 Original line number Diff line number Diff line Loading @@ -431,6 +431,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, {ERR_REASON(SSL_R_MISSING_ECDH_CERT) ,"missing ecdh cert"}, {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),"missing ecdsa signing cert"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, Loading Loading
ssl/s3_clnt.c +15 −2 Original line number Diff line number Diff line Loading @@ -1833,9 +1833,12 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else { if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) /* aNULL or kPSK do not need public keys */ if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) /* Otherwise this shouldn't happen */ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } Loading Loading @@ -3334,6 +3337,16 @@ int ssl3_check_cert_and_algorithm(SSL *s) return 1; } } else if (alg_a & SSL_aECDSA) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDSA_SIGNING_CERT); goto f_err; } else if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDH_CERT); goto f_err; } #endif pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); Loading
ssl/ssl.h +2 −0 Original line number Diff line number Diff line Loading @@ -2624,6 +2624,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 #define SSL_R_MISSING_DSA_SIGNING_CERT 165 #define SSL_R_MISSING_ECDH_CERT 382 #define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 #define SSL_R_MISSING_RSA_CERTIFICATE 168 Loading
ssl/ssl_err.c +2 −0 Original line number Diff line number Diff line Loading @@ -431,6 +431,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, {ERR_REASON(SSL_R_MISSING_ECDH_CERT) ,"missing ecdh cert"}, {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),"missing ecdsa signing cert"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, Loading
