mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 16:54:20 +01:00
Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension.
This commit is contained in:
parent
72ea31b026
commit
f3d441f2a5
@ -1,5 +1,12 @@
|
|||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Parse signature algorithm extension when renegotiating. Previously,
|
||||||
|
renegotiated handshakes would only accept signatures using SHA-1
|
||||||
|
regardless of the peer's preferences, or fail if SHA-1 was disabled.
|
||||||
|
|
||||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
@ -1694,11 +1694,8 @@ read_record_header:
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
Loading…
Reference in New Issue
Block a user