From: Kurt Roeckx <kurt@roeckx.be>
Date: Sat, 14 Mar 2015 22:23:26 +0000 (+0100)
Subject: Don't send a for ServerKeyExchange for kDHr and kDHd
X-Git-Tag: OpenSSL_1_0_1n~115
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=23a9b24aa100cc1c5c7d2c95252f2520680d2e58;p=oweals%2Fopenssl.git

Don't send a for ServerKeyExchange for kDHr and kDHd

The certificate already contains the DH parameters in that case.
ssl3_send_server_key_exchange() would fail in that case anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 93f1c13619c5b41f2dcfdbf6ae666f867922a87a)
---

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index c4ec9fe108..d12ad6d9b2 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -470,7 +470,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                || (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd))
+                || (alg_k & SSL_kEDH)
                 || (alg_k & SSL_kEECDH)
                 || ((alg_k & SSL_kRSA)
                     && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL