IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compat).
Sponsored by ROSA Linux Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com> --- src/lib/libssl/s3_lib.c | 4 ++++ src/lib/libssl/tls1.h | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index f71995632040..671d86e8cc14 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -2555,6 +2555,10 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) return 0; if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT)) + return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT)) + return 0; } #endif diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 26dca0803434..b7d7fe48a27d 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h @@ -739,8 +739,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH 66 #define TLS_CT_GOST01_SIGN 22 -#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ -#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ +#define TLS_CT_GOST12_256_SIGN 67 +#define TLS_CT_GOST12_512_SIGN 68 +#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */ +#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */ /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ #define TLS_CT_NUMBER 11 -- 2.25.1