{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1762032566, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"c4d16c453c0f8d605be9022ec2e55ec0", "commit": {"type":"commit", "time": 1484089370, "time_ofs": 0, "oid_tree": { "oid": "011b4952accb438870cf3730927505135af99c6e", "alias": []}, "oid":{ "oid": "3f305a80e9a449a1c8671f387ac3e0575dfdd9bf", "alias": []}, "msg": "Add a TODO(TLS1.3) around certificate selection", "sig_commit": { "git_time": { "time": 1484089370, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1480949931, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Add a TODO(TLS1.3) around certificate selection\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/2157)" , "diff": "diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c\nindex 5887345..21ea284 100644\n--- a/ssl/ssl_lib.c\n+++ b/ssl/ssl_lib.c\n@@ -2823,6 +2823,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)\n static int ssl_get_server_cert_index(const SSL *s)\n {\n int idx;\n+\n+ /*\n+ * TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the\n+ * ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite\n+ * forces the use of an RSA cert. This will need to change.\n+ */\n idx \u003d ssl_cipher_get_cert_index(s-\u003es3-\u003etmp.new_cipher);\n if (idx \u003d\u003d SSL_PKEY_RSA_ENC \u0026\u0026 !s-\u003ecert-\u003epkeys[SSL_PKEY_RSA_ENC].x509)\n idx \u003d SSL_PKEY_RSA_SIGN;\n","s":{"c":1762032566,"u": 27196}} ],"g": 28603,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}