From 934b3985a409d7e0a88557dd4313222194a110bd Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 23 Jan 2019 18:39:28 +0000
Subject: Modify sigalgs extension processing to accomodate TLS 1.3. - Make a
 separate sigalgs list for TLS 1.3 including only modern algorithm choices
 which we use when the handshake will not negotiate TLS 1.2. - Modify the
 legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by
 RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3
 handshake. ok jsing@ tb@

---
 src/lib/libssl/ssl_clnt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_clnt.c')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 26755d7c03..e9e900b643 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.54 2019/01/23 18:24:40 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.55 2019/01/23 18:39:28 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1680,7 +1680,8 @@ ssl3_get_certificate_request(SSL *s)
 			SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
 			goto err;
 		}
-		if (!tls1_process_sigalgs(s, &sigalgs)) {
+		if (!tls1_process_sigalgs(s, &sigalgs, tls12_sigalgs,
+		    tls12_sigalgs_len)) {
 			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
 			SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
 			goto err;
-- 
cgit v1.2.3-55-g6feb