Unbreak legacy ciphers for prior to 1.1 by setting having a legacy

sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
author: beck <> 2018-11-16 02:41:16 +0000
committer: beck <> 2018-11-16 02:41:16 +0000
commit: bc7f7090db96e35bfcf73da923be89cb0b15c0e9 (patch)
tree: 81fc6ce79f085ec2150e52ecdda69a90efe41c22 /src/lib/libssl/ssl_cert.c
parent: b48e8a19a37f8c20a0c41e40ccd93d4e06600fb8 (diff)
download: openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.tar.gz
openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.tar.bz2
openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 30bb74508d..e78335c5bb 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.71 2018/11/16 02:41:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -161,11 +161,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
 static void
 ssl_cert_set_default_sigalgs(CERT *cert)
 {
-        /* Set digest values to defaults */
+        /* Set digest values to legacy defaults */
        cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
        cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+            ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
        cert->pkeys[SSL_PKEY_ECC].sigalg =
            ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 #ifndef OPENSSL_NO_GOST
author	beck <>	2018-11-16 02:41:16 +0000
committer	beck <>	2018-11-16 02:41:16 +0000
commit	bc7f7090db96e35bfcf73da923be89cb0b15c0e9 (patch)
tree	81fc6ce79f085ec2150e52ecdda69a90efe41c22 /src/lib/libssl/ssl_cert.c
parent	b48e8a19a37f8c20a0c41e40ccd93d4e06600fb8 (diff)
download	openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.tar.gz openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.tar.bz2 openbsd-bc7f7090db96e35bfcf73da923be89cb0b15c0e9.zip

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 30bb74508d..e78335c5bb 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */	1	/* $OpenBSD: ssl_cert.c,v 1.71 2018/11/16 02:41:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -161,11 +161,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
161	static void	161	static void
162	ssl_cert_set_default_sigalgs(CERT *cert)	162	ssl_cert_set_default_sigalgs(CERT *cert)
163	{	163	{
164	/* Set digest values to defaults */	164	/* Set digest values to legacy defaults */
165	cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =	165	cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
166	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);	166	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
167	cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =	167	cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
168	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);	168	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
169	cert->pkeys[SSL_PKEY_ECC].sigalg =	169	cert->pkeys[SSL_PKEY_ECC].sigalg =
170	ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);	170	ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
171	#ifndef OPENSSL_NO_GOST	171	#ifndef OPENSSL_NO_GOST