Confirmed. The problem is resolved in the latest snapshot. Thank you.
On 07/06/2012 04:57 PM, Stephen Henson via RT wrote:
>> [[email protected] - Fri Jul 06 17:50:15 2012]:
>>
>> RFC 5246 allows a TLS 1.2 client to omit the Signature Algorithm
>> extension. See section 7.4.1.4.1 for details. This creates a problem
>> for OpenSSL 1.0.1 when acting as a server and either a DSA or ECDSA
>> certificate is used. Because the ClientHello does not contain the
>> Signature Algorithm extension, tls1_process_sigalgs() is never invoked
>> on the server side to set the digest used for the session context.
>> Later during the handshake when the server sends the ServerKeyExchange,
>> the call to tls12_get_sigandhash() fails, which causes the server to
>> abort the handshake.
>>
>> The attached patch to tls12_get_sigandhash() resolves the problem.
>> However, the OpenSSL maintainers may have a better solution.
>>
>>
> Have you tried a recent 1.0.1 snapshot? I came across the same issue
> when developing more configurable supported signature algorithms
> support. The fix I made was:
>
> http://cvs.openssl.org/chngview?cn=22655
>
> Steve.
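The fallback that RFC 5246 section 7.4.1.4.1 requires when a ClientHello carries no signature_algorithms extension, as an added example: this is not OpenSSL's code, nor the patch or the fix referenced in this thread. The function names (`find_ext`, `select_sig_hash`) and the sample byte arrays are constructed for illustration; the server here simply takes the first client-offered pair that matches its key type.

```c
#include <stddef.h>
#include <stdint.h>

enum { HASH_SHA1 = 2, HASH_SHA256 = 4, HASH_SHA512 = 6 };  /* RFC 5246 HashAlgorithm */
enum { SIG_RSA = 1, SIG_DSA = 2, SIG_ECDSA = 3 };          /* RFC 5246 SignatureAlgorithm */
#define EXT_SIGNATURE_ALGORITHMS 13

/* Constructed sample extension blocks (the bytes after the 2-byte total length). */
/* renegotiation_info only: no signature_algorithms extension present. */
const uint8_t sample_no_sigalgs[] = { 0xff, 0x01, 0x00, 0x01, 0x00 };
/* signature_algorithms offering {sha256,rsa} and {sha1,ecdsa}. */
const uint8_t sample_sigalgs[] = { 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04,
                                   0x04, 0x01, 0x02, 0x03 };
/* signature_algorithms whose declared length runs past the buffer. */
const uint8_t sample_truncated[] = { 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04 };

/* Locate an extension: 1 = found, 0 = absent, -1 = malformed block. */
static int find_ext(const uint8_t *p, size_t n, unsigned type,
                    const uint8_t **data, size_t *len)
{
    while (n > 0) {
        if (n < 4) return -1;
        unsigned t = (unsigned)p[0] << 8 | p[1];
        size_t l = (size_t)p[2] << 8 | p[3];
        p += 4; n -= 4;
        if (l > n) return -1;               /* declared length exceeds buffer */
        if (t == type) { *data = p; *len = l; return 1; }
        p += l; n -= l;
    }
    return 0;
}

/* Hash to sign ServerKeyExchange with for key type `sig`, or -1 to abort. */
int select_sig_hash(const uint8_t *exts, size_t n, int sig)
{
    const uint8_t *d; size_t len;
    int r = find_ext(exts, n, EXT_SIGNATURE_ALGORITHMS, &d, &len);
    if (r < 0) return -1;                   /* malformed: never fall back */
    if (r == 0)                             /* omitted: RFC 5246 7.4.1.4.1 default */
        return (sig >= SIG_RSA && sig <= SIG_ECDSA) ? HASH_SHA1 : -1;
    if (len < 2 || (((size_t)d[0] << 8 | d[1]) != len - 2) || (len & 1)) return -1;
    for (size_t i = 2; i + 1 < len; i += 2)  /* first client pair matching our key */
        if (d[i + 1] == sig && d[i] >= HASH_SHA1 && d[i] <= HASH_SHA512)
            return d[i];
    return -1;
}
```

The absent case and the malformed case are kept apart on purpose: only a cleanly parsed ClientHello without the extension gets the SHA-1 default, while a truncated extension aborts the handshake.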
