diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2018-11-19 15:07:30 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2018-11-19 15:07:30 +0000 |
| commit | 47c7a85ea1b575f49ee5fbffefa07388c20c7922 (patch) | |
| tree | 74d645156480660238d74e0201388e9599e82b28 /lib/libssl/ssl_lib.c | |
| parent | d0b01e05a5065141ce999f07f39308c9ec2a131c (diff) | |
Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.
Discussed with beck@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
| -rw-r--r-- | lib/libssl/ssl_lib.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 4ed6a954143..37db478b057 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.195 2018/11/17 11:22:43 beck Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.196 2018/11/19 15:07:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2209,10 +2209,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, sigalg = c->pkeys[idx].sigalg; if (!SSL_USE_SIGALGS(s)) { if (pkey->type == EVP_PKEY_RSA) { - if (SSL_IS_DTLS(s)) - sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); - else - sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); + sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); } else if (pkey->type == EVP_PKEY_EC) { sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); } else { |