When signature_algorithm extension is omitted, use more relevant alerts

Resolves: rhbz#1965017
epel8
Dmitry Belyavskiy 3 years ago
parent c5d8025ca8
commit ecb6630fd3

@ -0,0 +1,22 @@
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3579202c22..134c948bcb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3302,7 +3302,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return 0;
}
@@ -3317,7 +3317,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
if (i == sent_sigslen) {
if (!fatalerrs)
return 1;
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.0
Release: 0.beta2.1%{?dist}
Release: 0.beta2.2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -54,6 +54,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
Patch11: 0011-Remove-EC-curves.patch
# Temporary dual-ABI build patch
Patch19: 0019-dual-abi.patch
# Update alerts according to #1965017
Patch20: 0020-sigalgs-fix-alerts.patch
License: ASL 2.0
URL: http://www.openssl.org/
@ -376,6 +378,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2
- When signature_algorithm extension is omitted, use more relevant alerts
- Resolves: rhbz#1965017
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
- Rebase to upstream version beta2
- Related: rhbz#1903209

Loading…
Cancel
Save