Add support for application defined signature algorithms for use with

TLS v1.2. These are sent as an extension for clients and during a certificate request for servers. TODO: add support for shared signature algorithms, respect shared algorithms when deciding which ciphersuites and certificates to permit.
2012-06-22 14:03:31 +00:00
parent 020091406c
commit 0f229cce65
10 changed files with 253 additions and 28 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3414,6 +3414,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		s->cert->ecdh_tmp_auto = larg;
 		break;

+	case SSL_CTRL_SET_SIGALGS:
+		return tls1_set_sigalgs(s->cert, parg, larg);
+
+	case SSL_CTRL_SET_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(s->cert, parg);
+
 	default:
 		break;
 		}
@@ -3696,6 +3702,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 		ctx->cert->ecdh_tmp_auto = larg;
 		break;

+	case SSL_CTRL_SET_SIGALGS:
+		return tls1_set_sigalgs(ctx->cert, parg, larg);
+
+	case SSL_CTRL_SET_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(ctx->cert, parg);
+
 	case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
 		ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
 		break;