artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38e980d)
Don't push the error stack in ssl_sigalg_select()
authorbeck <beck@openbsd.org>
Tue, 9 Jul 2024 13:43:57 +0000 (13:43 +0000)
committerbeck <beck@openbsd.org>
Tue, 9 Jul 2024 13:43:57 +0000 (13:43 +0000)
Doing so breaks certificate selection if a TLS 1.3 client does not support
EC certs, and needs to fall back to RSA.

ok tb@

lib/libssl/ssl_sigalgs.c patch | blob | history

diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index 9876e82..18d71f6 100644 (file)
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -337,7 +337,6 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
                        return sigalg;
        }
 
-       SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
        return NULL;
 }
 
OpenBSD src
by Ahmet Artu Yildirim