authorcinap_lenrek <cinap_lenrek@felloff.net>2016-03-01 11:30:01 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2016-03-01 11:30:01 +0100
commit169bfb46102ceb254e180e0b8265382aab7ef7f0 (patch)
treec9bce6911563115106b395eae741ecd7d7111646 /sys/src/libsec
parentbb81a10687c31919f7792540b5ec6d0f014e0468 (diff)
libsec: fix verifyDHparams() for version <= TLS1.1
for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange message; the signature digest algorithm is fixed to md5+sha1, and we only support RSA signatures (TLS1.1 doesn't know about ECDSA).
Diffstat (limited to 'sys/src/libsec')
-rw-r--r--sys/src/libsec/port/tlshand.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index 582a43f0a..9606ed0be 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -1035,6 +1035,7 @@ verifyDHparams(TlsConnection *c, Bytes *par, Bytes *sig, int sigalg)
digestlen = MD5dlen + SHA1dlen;
md5(blob->data, blob->len, digest, nil);
sha1(blob->data, blob->len, digest+MD5dlen, nil);
+ sigalg = 1; // only RSA signatures supported for version <= TLS1.1
} else {
int hashalg = (sigalg>>8) & 0xFF;
digestlen = -1;
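Review bot: The added `sigalg = 1;` in the version <= TLS1.1 branch overwrites the caller's argument with a bare literal, and nothing visible in the hunk confirms that the peer's certificate key is actually RSA before verification proceeds. The else branch takes the hash algorithm from the high byte, so the low byte is presumably the TLS SignatureAlgorithm value (rsa = 1); a comment such as `// low byte = TLS SignatureAlgorithm (1 = rsa); hash byte unused, digest is fixed to md5+sha1` or a named constant would make that explicit. RFC 4492 permits ECDHE_ECDSA suites under TLS 1.0/1.1 with a SHA-1 digest, so it is worth confirming that such a suite cannot reach this branch, or that it fails the handshake with a clear error instead of attempting RSA verification against a non-RSA key. The rest of verifyDHparams, including the code that consumes sigalg, lies outside the hunk, so this may already be handled there.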