From 51c7d3e824612a9c71bd987862a00140eb4b0711 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 13 Mar 2017 13:27:18 +0000
Subject: [PATCH] Allow signature algorithms in TLS 1.3 certificate request extensions.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2918)
---
 ssl/statem/extensions.c | 5 +++--
 ssl/statem/statem_locl.h | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index d62c5af3b6..c4fc760b97 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -159,8 +159,9 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 },
 {
 TLSEXT_TYPE_signature_algorithms,
- EXT_CLIENT_HELLO,
- init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,
+ EXT_CLIENT_HELLO | EXT_TLS1_3_CERTIFICATE_REQUEST,
+ init_sig_algs, tls_parse_ctos_sig_algs,
+ tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
 tls_construct_ctos_sig_algs, final_sig_algs
 },
 #ifndef OPENSSL_NO_OCSP
diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index f16ba11bd0..9bf1d8aad3 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -53,6 +53,7 @@
 #define EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
 #define EXT_TLS1_3_CERTIFICATE 0x0800
 #define EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
+#define EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
 
 /* Dummy message type */
 #define SSL3_MT_DUMMY -1
-- 
2.25.1
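Review bot: The two slots that used to be `NULL, NULL` in the `signature_algorithms` entry now hold `tls_parse_ctos_sig_algs` and `tls_construct_ctos_sig_algs`, so handlers named for the client-to-server direction appear to run for the server's CertificateRequest as well, and nothing in the entry says this reuse is deliberate. A one-line comment above the entry would help, e.g. `/* CertificateRequest reuses the ClientHello sigalgs handlers */`. The handler bodies are outside this hunk, so it is worth confirming that any guard inside the parser that was written for a server reading a ClientHello (session-resumption checks, where the parsed list is stored) still holds when a client runs it on server-supplied data, and that `final_sig_algs` rejects a TLS 1.3 CertificateRequest that omits the extension. The `ext_defs[]` initializer starts and ends outside the hunk.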