Separate client and server permitted signature algorithm support: by default

the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
2012-12-26 14:44:56 +00:00
parent 623a5e24cb
commit 04c32cddaa
8 changed files with 135 additions and 26 deletions


@@ -272,6 +272,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
static char *curves=NULL;
static char *sigalgs=NULL;
static char *client_sigalgs=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
#ifdef FIONBIO
@@ -1207,6 +1208,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
sigalgs= *(++argv);
}
else if (strcmp(*argv,"-client_sigalgs") == 0)
{
if (--argc < 1) goto bad;
client_sigalgs= *(++argv);
}
#endif
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
@@ -1926,6 +1932,21 @@ bad:
goto end;
}
}
if (client_sigalgs)
{
if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs))
{
BIO_printf(bio_err,"error setting client signature algorithms\n");
ERR_print_errors(bio_err);
goto end;
}
if(ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs))
{
BIO_printf(bio_err,"error setting client signature algorithms\n");
ERR_print_errors(bio_err);
goto end;
}
}
#endif
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
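Review bot: The new `if (client_sigalgs)` block in the last hunk repeats the whole failure path — the same `BIO_printf`/`ERR_print_errors`/`goto end` sequence once for `ctx` and again for `ctx2` — where a single combined condition would do: `if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs) || (ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs)))` followed by one error report. The `-client_sigalgs` option is parsed in the second hunk, but none of the visible hunks add it to the usage text, so unless another part of this commit covers it the option stays undocumented; a line such as `BIO_printf(bio_err," -client_sigalgs arg - colon separated list of signature algorithms accepted for client certificate authentication\n");` beside the existing `-sigalgs` entry, if there is one, would close that gap. Since this list only restricts which client certificates the server accepts, the usage text should say so rather than imply it affects the server's own certificate. `MAIN` and the preceding `if (sigalgs)` block whose tail opens the hunk both start outside the hunk.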