Windows CSPs fail to send a proper SigAlgs extension (it does not include
GOST entries even for GOST CipherSuites). To ensure interoperability,
assume that the server will understand GOST sigalgs if it has sent a GOST
certificate.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
 src/lib/libssl/ssl_sigalgs.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index f4d5f5bc5621..ccf955b4c501 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -373,6 +373,15 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
                        return sigalg;
        }
 
+#ifndef OPENSSL_NO_GOST
+       /* Windows CSPs fail to send proper SigAlgs extension (it does not
+        * include GOST entries even for GOST CipherSuites). To ensure
+        * interoperability, assume that the server will understand GOST
+        * sigalgs if it has sent GOST certificate. */
+       if (pkey->type == EVP_PKEY_GOSTR01)
+               return ssl_sigalg_gost_select(s, pkey);
+#endif
+
        SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
        return NULL;
 }
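Review bot: The new fallback before SSLerror() is gated only on pkey->type == EVP_PKEY_GOSTR01, so it fires for every peer whose signature_algorithms list produced no match, not just the Windows CSPs the comment names. Nothing in the hunk checks that a GOST cipher suite was negotiated or that the peer actually presented a GOST certificate, although the comment states that as the precondition. Please narrow the condition to the case the comment describes (for example, also require that the negotiated cipher suite is a GOST one), or reword the comment to say the peer's advertised list is ignored whenever the local key is GOST. Minor points: the comment speaks of "the server" while the test is on the pkey argument, so say whose key this is; and the block comment should open with /* on its own line to match the multi-line comment style.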
-- 
2.25.1
