OpenSSL 1.0.2* doesn’t preserve digests for SNI #4554
Comments
Do you all call Edit: Changing their order will probably upset
Yes, we are. This was originally reported to Apache Traffic Server. (apache/trafficserver#2482) If you need details of how we call, please refer below.
Ah okay. If my theory is right, I believe you'll find the OpenSSL bug no longer reproduces if you turn
Right. I don't see this issue after I turned off
1ce95f1 was incomplete and did not handle the case when SSL_set_SSL_CTX was called from the cert_cb callback rather than the SNI callback. The consequence is any server using OpenSSL 1.0.2 and the cert_cb callback for SNI only ever signs a weak digest, SHA-1, even when connecting to clients which use secure ones. Fix this and add regression tests for both this and the original issue. Fixes #4554. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #4577)
This is fixed in 1.0.2m. Thanks!
SHA1 is always used as digest of signature algorithm, when SSL_set_SSL_CTX() is called for SNI.
We only see this issue with OpenSSL 1.0.2*. We don’t see this issue with 1.0.1* or 1.1.0*.
This was originally fixed by 4e05aed for 1.0.1* and 14e14bf for master. The change for master was cherry-picked to 1.0.2* (1ce95f1) but it looks not enough.
IMO, it should copy CERT_PKEYs like the fix for 1.0.1* or negotiate signature algorithm from copied peer_sigalgs again.
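A way to check a server for the symptom reported in this issue, as an added example that is not part of the original thread or of OpenSSL's code: it reads the "Peer signing digest:" line that `openssl s_client` (1.0.2 and later) prints and flags SHA1. The sample transcripts are constructed, and the host, port and SNI name passed to `check_server` are supplied by the caller.

```shell
#!/bin/sh
# Added example: classify the handshake signing digest reported by
# `openssl s_client` in its "Peer signing digest:" line.

# Constructed sample transcripts (not captured from a real server).
SAMPLE_AFFECTED='No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits'
SAMPLE_FIXED='No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits'

# Print the digest name from an s_client transcript on stdin (empty if absent).
peer_signing_digest() {
    sed -n 's/^Peer signing digest:[[:space:]]*\([A-Za-z0-9-]*\).*$/\1/p' | head -n 1
}

# Echo a verdict for the transcript on stdin: weak:<digest>, ok:<digest>, or unknown.
classify_transcript() {
    digest=$(peer_signing_digest)
    case "$digest" in
        SHA1|MD5) echo "weak:$digest" ;;
        "")       echo "unknown" ;;  # no digest line, e.g. no signed key exchange
        *)        echo "ok:$digest" ;;
    esac
}

# Live check. Sends SNI over TLS 1.2 so the server's SNI / cert_cb path,
# where SSL_set_SSL_CTX() is called, is the one being measured.
check_server() {
    host=$1; port=$2; sni=$3
    openssl s_client -connect "$host:$port" -servername "$sni" -tls1_2 \
        </dev/null 2>/dev/null | classify_transcript
}
```

A `weak:SHA1` verdict from a server that switches contexts with SSL_set_SSL_CTX() on OpenSSL 1.0.2 matches the behaviour reported here; the thread gives 1.0.2m as the fixed release.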