mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 10:55:36 +00:00
Fix sig_alg extension on client.
Temporary solution on server.
This commit is contained in:
parent
bfe32efb9b
commit
d11eb7c789
|
@ -147,6 +147,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
|||
/*
|
||||
* Prepare signature_algorithms extension (TLS 1.2)
|
||||
*/
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||
|
@ -167,6 +168,29 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
|||
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
|
||||
#endif
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
#endif
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
#endif
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
#endif
|
||||
#if defined(POLARSSL_MD5_C)
|
||||
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
|
||||
sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
|
||||
#endif
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
|
||||
/*
|
||||
* enum {
|
||||
|
|
|
@ -442,12 +442,10 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
|
|||
p = buf + 2;
|
||||
while( sig_alg_list_size > 0 )
|
||||
{
|
||||
if( p[1] != SSL_SIG_RSA )
|
||||
{
|
||||
sig_alg_list_size -= 2;
|
||||
p += 2;
|
||||
continue;
|
||||
}
|
||||
/*
|
||||
* For now, just ignore signature algorithm and rely on offered
|
||||
* ciphersuites only. To be fixed later.
|
||||
*/
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
if( p[0] == SSL_HASH_SHA512 )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue