Fix DTLS. Because the DTLS code is strange. I am really coming around to

joel's line of thinking about it

1 files changed, 5 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 2f9724f99f..8a29a78f37 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.45 2018/11/16 02:41:16 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.46 2018/11/16 21:07:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1533,7 +1533,10 @@ ssl3_get_server_key_exchange(SSL *s)
                                 goto f_err;
                         }
                 } else if (pkey->type == EVP_PKEY_RSA) {
-                        sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+                        if (SSL_IS_DTLS(s))
+                                sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+                        else
+                                sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
                 } else if (pkey->type == EVP_PKEY_EC) {
                         sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
                 } else {
@@ -1541,7 +1544,6 @@ ssl3_get_server_key_exchange(SSL *s)
                         al = SSL_AD_DECODE_ERROR;
                         goto f_err;
                 }
-                md = sigalg->md();
 
                 if (!CBS_get_u16_length_prefixed(&cbs, &signature))
                         goto truncated;