Don't send a for ServerKeyExchange for kDHr and kDHd
authorKurt Roeckx <kurt@roeckx.be>
Sat, 14 Mar 2015 22:23:26 +0000 (23:23 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Mon, 23 Mar 2015 20:08:20 +0000 (21:08 +0100)
The certificate already contains the DH parameters in that case.
ssl3_send_server_key_exchange() would fail in that case anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/d1_srvr.c

index b89c36976825a490db431b110cfaf42278104d33..b55af35c75b35278cdbb8ed5d51253d01477574a 100644 (file)
@@ -484,7 +484,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd))
+                || (alg_k & SSL_kDHE)
                 || (alg_k & SSL_kECDHE)
                 || ((alg_k & SSL_kRSA)
                     && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL