Process signature algorithms before deciding on certificate.
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 56e8dc542b)
Conflicts:
ssl/ssl.h
ssl/ssl_err.c
This commit is contained in:
Dr. Stephen Henson
@@ -2682,7 +2682,6 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_SSL_CERT_INSTANTIATE 214
|
||||
#define SSL_F_SSL_CERT_NEW 162
|
||||
#define SSL_F_SSL_CERT_SET0_CHAIN 340
|
||||
#define SSL_F_SSL_CHECK_CLIENTHELLO_TLSEXT_LATE 335
|
||||
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
|
||||
#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
|
||||
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
|
||||
@@ -2782,6 +2781,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
|
||||
#define SSL_F_TLS1_PRF 284
|
||||
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
|
||||
#define SSL_F_TLS1_SET_SERVER_SIGALGS 335
|
||||
#define SSL_F_WRITE_PENDING 212
|
||||
|
||||
/* Reason codes. */
|
||||
|
||||
Reference in New Issue
Block a user