TLS 1.3: ensure key for signature in CertificateVerify

[SparkiDev]

ZD 11540

[lechner]

Hi, Debian is gradually freezing modifications in preparation for a major release, while the CVE addressed here received a relatively high NVD assessment. I leave this comment merely to receive automatic updates, especially when the fix is merged.

Debian has a flexible process for security updates, in which wolfSSL is guaranteed the most favorable treatment, but it would be easier to cherry-pick the fix in the next month or so.

Please write if I am too cautious or if this commit is unsuitable for application against the stable 4.6.0 release. Thank you for providing your great products under open-source licenses!

[lechner]

@dgarske Thanks for expediting. The fix was cherry-picked for Debian in 4.6.0-3 and is now available in unstable (in time for the upcoming bullseye) and in stable-backports.

Usually, my packages are picked up subsequently by several other Debian-based distributions with rolling releases.

Alas, the Repology tracker does not show downstream revisions, i.e. the -3. For a better overview there, we would require a maintenance release 4.6.1, but I am not sure that is needed.