Fixed issue with ECDH-ECDSA cipher suites rejecting certificates without

the DigitalSignature key usage.
2014-09-09 17:49:38 -07:00 · 2014-09-09 17:49:38 -07:00 · 91214ad5a6
commit 91214ad5a6
parent ddeb1bb9f7
1 changed files with 2 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -4123,7 +4123,8 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
                ret = KEYUSE_ENCIPHER_E;
            }
            if ((ssl->specs.sig_algo == rsa_sa_algo ||
-                    ssl->specs.sig_algo == ecc_dsa_sa_algo) &&
+                    (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
+                         !ssl->specs.static_ecdh)) &&
                (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
                CYASSL_MSG("KeyUse Digital Sig not set");
                ret = KEYUSE_SIGNATURE_E;