Separate client and server permitted signature algorithm support: by default

the permitted signature algorithms for server and client authentication
are the same, but it is now possible to set different algorithms for client
authentication only.
Dr. Stephen Henson
2012-07-03 12:51:14 +00:00
parent 32e03a3016
commit 3dbc46dfcd
8 changed files with 135 additions and 26 deletions


@@ -607,6 +607,7 @@ int MAIN(int argc, char **argv)
char *servername = NULL;
char *curves=NULL;
char *sigalgs=NULL;
char *client_sigalgs=NULL;
tlsextctx tlsextcbp =
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
@@ -964,6 +965,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
sigalgs= *(++argv);
}
else if (strcmp(*argv,"-client_sigalgs") == 0)
{
if (--argc < 1) goto bad;
client_sigalgs= *(++argv);
}
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
@@ -1215,6 +1221,12 @@ bad:
ERR_print_errors(bio_err);
goto end;
}
if (client_sigalgs != NULL)
if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
BIO_printf(bio_err,"error setting client signature algorithms list\n");
ERR_print_errors(bio_err);
goto end;
}
if (servername != NULL)
{
tlsextcbp.biodebug = bio_err;
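Review bot: In the third hunk the outer `if (client_sigalgs != NULL)` has no braces around the multi-line inner `if` it guards, which is the brace shape that lets a later edit silently move a statement out of the conditional; the parallel block added to s_server.c braces both levels, and this one should too: `if (client_sigalgs != NULL) {` wrapping the inner check through its closing `}`. The error text here (`"error setting client signature algorithms list\n"`) also differs from the s_server.c message for the same failure (`"error setting client signature algorithms\n"`); one wording for both apps makes log grepping easier. No usage/help entry for `-client_sigalgs` is visible in these hunks, so if the usage table is not updated elsewhere in the commit it should get a line next to `-sigalgs`. MAIN begins and ends outside the hunks shown.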


@@ -275,6 +275,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
static char *curves=NULL;
static char *sigalgs=NULL;
static char *client_sigalgs=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
#ifdef FIONBIO
@@ -1219,6 +1220,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
sigalgs= *(++argv);
}
else if (strcmp(*argv,"-client_sigalgs") == 0)
{
if (--argc < 1) goto bad;
client_sigalgs= *(++argv);
}
#endif
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
@@ -1963,6 +1969,21 @@ bad:
goto end;
}
}
if (client_sigalgs)
{
if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs))
{
BIO_printf(bio_err,"error setting client signature algorithms\n");
ERR_print_errors(bio_err);
goto end;
}
if(ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs))
{
BIO_printf(bio_err,"error setting client signature algorithms\n");
ERR_print_errors(bio_err);
goto end;
}
}
#endif
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
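Review bot: The ctx and ctx2 error paths in the last hunk repeat the same three lines, and the whole block mirrors the `sigalgs` block that closes just above it; the two calls can share one exit, `if (!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs) || (ctx2 && !SSL_CTX_set1_client_sigalgs_list(ctx2,client_sigalgs)))`, which keeps the failure behaviour and halves the duplicated text. The new `client_sigalgs` variable in the first hunk carries no comment; going by the commit description, `/* -client_sigalgs: signature algorithms permitted for client authentication only; same as -sigalgs when unset */` would tell a reader which side of the handshake it constrains. Both the option parsing and the setter sit just above an `#endif`, which I take to be the OPENSSL_NO_TLSEXT guard — worth confirming the two guards match, so a build without TLS extensions does not accept the option and then ignore it. MAIN begins and ends outside the hunks shown.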