generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Process signature algorithms before deciding on certificate.

Browse Source 
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2014-11-17 16:52:59 +00:00
parent 9ef1d283fe
commit 56e8dc542b
5 changed files with 52 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/ssl_locl.h
View File

@@ -1312,6 +1312,7 @@ int tls1_shared_list(SSL *s,
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
int tls1_set_server_sigalgs(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
int ssl_prepare_clienthello_tlsext(SSL *s);