IANA has allocated numbers for GOST ClientCertificateType. Use them in
addition to private values (left in place for compat).
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
src/lib/libssl/s3_lib.c | 4 ++++
src/lib/libssl/tls1.h | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f71995632040..671d86e8cc14 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2555,6 +2555,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
return 0;
if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN))
return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT))
+ return 0;
+ if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT))
+ return 0;
}
#endif
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 26dca0803434..b7d7fe48a27d 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -739,8 +739,10 @@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 66
#define TLS_CT_GOST01_SIGN 22
-#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */
-#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */
+#define TLS_CT_GOST12_256_SIGN 67
+#define TLS_CT_GOST12_512_SIGN 68
+#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */
+#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */
/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there) */
#define TLS_CT_NUMBER 11
--
2.25.1
