diff options
-rw-r--r-- | ssl/ssl_locl.h | 6 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 747e718a52..3dd2a54b22 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -491,6 +491,12 @@ # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \ (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION)) +/* + * Determine if a client should send signature algorithms extension: + * as with TLS1.2 cipher we can't rely on method flags. + */ +# define SSL_CLIENT_USE_SIGALGS(s) \ + SSL_CLIENT_USE_TLS1_2_CIPHERS(s) /* Mostly for SSLv3 */ # define SSL_PKEY_RSA_ENC 0 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index dd5bd0050d..fb64607acf 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1429,7 +1429,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, } skip_ext: - if (SSL_USE_SIGALGS(s)) { + if (SSL_CLIENT_USE_SIGALGS(s)) { size_t salglen; const unsigned char *salg; salglen = tls12_get_psigalgs(s, &salg); |