diff options
author | Martin Thomson <martin.thomson@gmail.com> | 2016-04-22 17:18:53 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2016-04-22 17:18:53 +1000 |
commit | 200be79de2b82bb4260f80e60881507610a58bd1 (patch) | |
tree | 00f9615dfcc92a8a129fd8e014c95209ee5d1648 | |
parent | e19a94be9d54e3c8745825795358a568250b599b (diff) | |
download | nss-hg-200be79de2b82bb4260f80e60881507610a58bd1.tar.gz |
Bug 1237514 - Report correct authType for PSK suite, r=franziskus
-rw-r--r-- | external_tests/ssl_gtest/ssl_loopback_unittest.cc | 6 | ||||
-rw-r--r-- | lib/ssl/sslinfo.c | 3 |
2 files changed, 5 insertions, 4 deletions
diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc index 41d0d6372..d4db35676 100644 --- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc +++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc @@ -1003,7 +1003,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) { SSL_LIBRARY_VERSION_TLS_1_3); Connect(); SendReceive(); // Need to read so that we absorb the session ticket. - CheckKeys(ssl_kea_ecdh, ssl_auth_rsa); + CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign); uint16_t original_suite; EXPECT_TRUE(client_->cipher_suite(&original_suite)); @@ -1018,7 +1018,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) { ExpectResumption(RESUME_TICKET); Connect(); SendReceive(); - CheckKeys(ssl_kea_ecdh, ssl_auth_rsa); + CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign); DataBuffer psk1(c1->extension()); ASSERT_GE(psk1.len(), 0UL); ASSERT_TRUE(!!client_->peer_cert()); @@ -1035,7 +1035,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) { ExpectResumption(RESUME_TICKET); Connect(); SendReceive(); - CheckKeys(ssl_kea_ecdh, ssl_auth_rsa); + CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign); DataBuffer psk2(c2->extension()); ASSERT_GE(psk2.len(), 0UL); ASSERT_TRUE(!!client_->peer_cert()); diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c index 08b0b9a49..ba9d0f040 100644 --- a/lib/ssl/sslinfo.c +++ b/lib/ssl/sslinfo.c @@ -153,6 +153,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define A_ECDSA ssl_auth_ecdsa #define A_ECDH_R ssl_auth_ecdh_rsa #define A_ECDH_E ssl_auth_ecdh_ecdsa +#define A_PSK ssl_auth_psk /* Report ssl_auth_null for export suites that can't decide between * ssl_auth_rsa_sign and ssl_auth_rsa_decrypt. */ #define A_EXP ssl_auth_null @@ -255,7 +256,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { /* ECC cipher suites */ { 0, CS(ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAS }, { 0, CS(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_ECDSA }, - { 0, CS(ECDHE_PSK_WITH_AES_128_GCM_SHA256), S_PSK, K_ECDHE_PSK, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0 }, + { 0, CS(ECDHE_PSK_WITH_AES_128_GCM_SHA256), S_PSK, K_ECDHE_PSK, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_PSK }, { 0, CS(ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_ECDH_E }, { 0, CS(ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_ECDH_E }, |