From 91214ad5a627d5bb7e9a5f35ec1b7c672884f5a9 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 9 Sep 2014 17:49:38 -0700
Subject: [PATCH] Fixed issue with ECDH-ECDSA cipher suites rejecting certificates without the DigitalSignature key usage.
---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 84fa1d031..f81c65be7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4123,7 +4123,8 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
 ret = KEYUSE_ENCIPHER_E;
 }
 if ((ssl->specs.sig_algo == rsa_sa_algo ||
- ssl->specs.sig_algo == ecc_dsa_sa_algo) &&
+ (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
+ !ssl->specs.static_ecdh)) &&
 (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
 CYASSL_MSG("KeyUse Digital Sig not set");
 ret = KEYUSE_SIGNATURE_E;
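Review bot: The new `!ssl->specs.static_ecdh` term exempts static ECDH-ECDSA suites from the digitalSignature check, but nothing visible in the hunk replaces it with a check that the certificate's key usage permits key agreement, which is how the certificate key is used in those suites. DoCertificate starts and ends outside the hunk, so such a check may exist elsewhere; if it does not, a certificate whose key usage extension excludes key agreement would now be accepted, and a parallel test such as `if (ssl->specs.static_ecdh && (dCert.extKeyUsage & KEYUSE_KEY_AGREE) == 0)` with a suitable error code would close that gap (assuming the project defines that bit). The `rsa_sa_algo` arm is left unguarded, so if ECDH-RSA suites also set `static_ecdh`, they presumably still hit the rejection this commit fixes for ECDH-ECDSA. A comment above the condition, for example `/* static ECDH certs hold a key-agreement key, so digitalSignature is not required */`, would record why the exemption exists.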