Update fixed DH requirements. The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2 too.

commit: fbbaaccaca32742f09dfb02e5e28dcd20f64a17f [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Wed Mar 27 16:05:10 2013 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Thu Mar 28 14:14:27 2013 +0000
tree: 861db3716b3ec8524ba1a1f8e56530312dd9664d
parent: 04fac50045929e7078cad4835478dd7f16b6d4bd [diff]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d8b9079..0a9bc1a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -3404,14 +3404,14 @@
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
 		goto f_err;
 		}
-	else if ((alg_k & SSL_kDHr) && (TLS1_get_version(s) < TLS1_2_VERSION) &&
+	else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
 		!has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
 		goto f_err;
 		}
 #ifndef OPENSSL_NO_DSA
-	else if ((alg_k & SSL_kDHd) && (TLS1_get_version(s) < TLS1_2_VERSION) &&
+	else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) &&
 		!has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
commit	fbbaaccaca32742f09dfb02e5e28dcd20f64a17f	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Wed Mar 27 16:05:10 2013 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Mar 28 14:14:27 2013 +0000
tree	861db3716b3ec8524ba1a1f8e56530312dd9664d
parent	04fac50045929e7078cad4835478dd7f16b6d4bd [diff]