git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Wed, 26 Mar 2025 10:36:08 +0000 (21:36 +1100)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 31 Mar 2025 12:08:12 +0000 (14:08 +0200)
commit	a7f35508551dc2c3f77f59fd31cbb03da41f2b20
tree	bb7a9f992733616f955e04802445ebdbebddcdd6	tree
parent	01b6d4a39b0805bd3dcadf709ce6f05b5162fd96	commit \| diff

Fix sigalg corner cases

- Tolerate RSA PKCS#1 *certificate* signatures when
  the peer sigals include RSA PSS with the same digest.

  Now that we're more strict about not sending sigalgs that are out of
  protocol range, when the client supports TLS 1.3 only, we might refuse
  to return an RSA PKCS#1-signed cert.

- Don't send TLS 1.3 sigalgs when requesting client certs from
  a TLS 1.2 client.

Fixes: #1144
Fixes: #25277
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27166)

(cherry picked from commit a5f98e6da521934455898d49c8b2152a60b46925)

ssl/ssl_local.h		diff \| blob \| blame \| history
ssl/statem/extensions_clnt.c		diff \| blob \| blame \| history
ssl/t1_lib.c		diff \| blob \| blame \| history
test/certs/p256-ee-rsa-ca-cert.pem	[new file with mode: 0644]	blob
test/certs/p256-ee-rsa-ca-key.pem	[new file with mode: 0644]	blob
test/certs/setup.sh		diff \| blob \| blame \| history
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt		diff \| blob \| blame \| history
test/recipes/75-test_quicapi_data/ssltraceref.txt		diff \| blob \| blame \| history
test/recipes/95-test_external_tlsfuzzer_data/cert.json.in		diff \| blob \| blame \| history
test/sslapitest.c		diff \| blob \| blame \| history