CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2020/06/05 11:53:26
Modified files:
lib/libssl : ssl_clnt.c ssl_srvr.c
Log message:
Enable GOST_SIG_FORMAT_RS_LE when verifying certificate signatures.
GOST cipher suites requires that CertVerify signatures be generated in a
special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()).
However, the GOST_SIG_FORMAT_RS_LE flag was not passed in case of TLS 1.2
connections (because they use different code path). Set this flag on
GOST PKEYs.
Diff from Dmitry Baryshkov <dbarysh...@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
