From 8f74a3828f3726e6172cf5fcfcd186f1272b1e22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 19 Nov 2018 15:07:29 +0000
Subject: Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature
 verification.

Discussed with beck@
---
 src/lib/libssl/ssl_lib.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4ed6a95414..37db478b05 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.195 2018/11/17 11:22:43 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.196 2018/11/19 15:07:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2209,10 +2209,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
 	sigalg = c->pkeys[idx].sigalg;
 	if (!SSL_USE_SIGALGS(s)) {
 		if (pkey->type == EVP_PKEY_RSA) {
-			if (SSL_IS_DTLS(s))
-			    sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-			else
-			    sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
+			sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 		} else if (pkey->type == EVP_PKEY_EC) {
 			sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 		} else {
-- 
cgit v1.2.3-55-g6feb