Initial TLS v1.2 client support. Include a default supported signature

algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certifcate support yet but client will handle case where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
parent 0b59755f43
commit a2f9200fba
10 changed files with 206 additions and 80 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1932,6 +1932,10 @@ int ssl3_send_server_key_exchange(SSL *s)
 						}
 					p+=2;
 					}
+#ifdef SSL_DEBUG
+				fprintf(stderr, "Using hash %s\n",
+							EVP_MD_name(md));
+#endif
 				EVP_SignInit_ex(&md_ctx, md, NULL);
 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);