On Tue, Nov 13, 2018 at 11:28:23AM +0000, Stuart Henderson wrote: > On 2018/11/13 09:37, Sebastien Marie wrote: > > Hi, > > > > Moving the thread to bugs@ has it seems to be an issue with libssl. > > > > When connecting with nc(1) to outlook.office365.com:993, on older system > > is able to connect and verify the connection. On a recent system, the > > handshake failed due to "invalid digest length".
another regression with www.videolan.org . it isn't the exact same error "wrong signature type". on snapshot: OpenBSD 6.4-current (GENERIC.MP) #437: Mon Nov 12 20:06:01 MST 2018 $ nc -vvc www.videolan.org 443 Connection to www.videolan.org 443 port [tcp/https] succeeded! nc: tls handshake failed (handshake failed: error:14009172:SSL routines:CONNECT_CR_KEY_EXCH:wrong signature type) > This is from the "Stop keeping track of sigalgs by guessing it from > digest and pkey" commit, too many commits on top for a simple revert. > > --------------------- > PatchSet 3125 > Date: 2018/11/10 01:19:09 > Author: beck > Branch: HEAD > Tag: (none) > Log: > Stop keeping track of sigalgs by guessing it from digest and pkey, > just keep the sigalg around so we can remember what we actually > decided to use. > ok jsing@ > > Members: > ssl_cert.c:1.69->1.70 > ssl_clnt.c:1.40->1.41 > ssl_lib.c:1.191->1.192 > ssl_locl.h:1.223->1.224 > ssl_sigalgs.c:1.3->1.4 > ssl_sigalgs.h:1.4->1.5 > ssl_srvr.c:1.54->1.55 > t1_lib.c:1.149->1.150 > > --------------------- > -- Sebastien Marie
