ref: bd39efd4932cc805a92240c3f980ff3529f5727c
parent: 6703a4556c348ee8e60b28cebd656e80c79d45fe
author: cinap_lenrek <[email protected]>
date: Tue Mar 1 06:30:59 EST 2016
libsec: fix verifyDHparams() for version <= TLS1.1

for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange message, the signature digest algorithm is fixed to md5+sha1, and we only support RSA signatures (TLS1.1 doesn't know about ECDSA).
--- a/libsec/tlshand.c
+++ b/libsec/tlshand.c
@@ -1034,6 +1034,7 @@
digestlen = MD5dlen + SHA1dlen;
md5(blob->data, blob->len, digest, nil);
sha1(blob->data, blob->len, digest+MD5dlen, nil);
+ sigalg = 1; // only RSA signatures supported for version <= TLS1.1
} else {
int hashalg = (sigalg>>8) & 0xFF;
digestlen = -1;
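Review bot: The added `sigalg = 1;` encodes the RSA signature type as a bare magic number, which only makes sense to a reader who knows the TLS 1.2 SignatureAlgorithm wire values (anonymous 0, rsa 1, dsa 2, ecdsa 3 per RFC 5246); a named constant such as `sigalg = SIGALG_RSA;` (or whatever the file already uses for that enum) would make the intent self-evident and keep this branch in step with the `sigalg & 0xFF` decoding in the else branch. The trailing comment should also say why the value is forced rather than restate it, e.g. `// pre-TLS1.2 ServerKeyExchange carries no sigalg field; the only supported signature type is RSA`. Since the pre-TLS1.2 path now unconditionally assumes RSA, it is worth confirming that the later verification rejects a server certificate whose key is not RSA instead of trying to verify with a mismatched key type; that code is outside this hunk. The enclosing function verifyDHparams() starts and ends outside the hunk.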