Process signature algorithms before deciding on certificate.
The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice). Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson
@@ -2586,7 +2586,6 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_CERT_INST 222
|
||||
#define SSL_F_SSL_CERT_INSTANTIATE 214
|
||||
#define SSL_F_SSL_CERT_NEW 162
|
||||
#define SSL_F_SSL_CHECK_CLIENTHELLO_TLSEXT_LATE 335
|
||||
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
|
||||
#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
|
||||
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
|
||||
@@ -2686,6 +2685,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
|
||||
#define SSL_F_TLS1_PRF 284
|
||||
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
|
||||
#define SSL_F_TLS1_SET_SERVER_SIGALGS 335
|
||||
#define SSL_F_WRITE_PENDING 212
|
||||
|
||||
/* Reason codes. */
|
||||
|
||||
Reference in New Issue
Block a user