generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Process signature algorithms before deciding on certificate.

Browse Source 
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 56e8dc542b)

Conflicts:
	ssl/ssl.h
	ssl/ssl_err.c
This commit is contained in:
Dr. Stephen Henson
2014-11-17 16:52:59 +00:00
parent bcb245a74a
commit e469af8d05
5 changed files with 52 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/ssl_locl.h
View File

@@ -1329,6 +1329,7 @@ int tls1_shared_list(SSL *s,
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
int tls1_set_server_sigalgs(SSL *s);
int ssl_check_clienthello_tlsext_late(SSL *s);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
int ssl_prepare_clienthello_tlsext(SSL *s);