CVSROOT: /cvs Module name: src Changes by: bc...@cvs.openbsd.org 2016/09/19 22:25:09
Modified files:
lib/libssl : ssl_lib.c
Log message:
Avoid selecting weak digests for (EC)DH when using SNI.
from OpenSSL:
SSL_set_SSL_CTX is normally called for SNI after ClientHello has
received and the digest to use for each certificate has been decided.
The original ssl->cert contains the negotiated digests and is now
copied to the new ssl->cert.
noted by David Benjamin and Kinichiro Inoguchi
