Add support for application-defined signature algorithms for use with
TLS v1.2. These are sent as an extension by clients and in a certificate
request by servers.
TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1ac8191..dad84dc 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3414,6 +3414,12 @@
s->cert->ecdh_tmp_auto = larg;
break;
+ case SSL_CTRL_SET_SIGALGS:
+ return tls1_set_sigalgs(s->cert, parg, larg);
+
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ return tls1_set_sigalgs_list(s->cert, parg);
+
default:
break;
}
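Review bot: The new `SSL_CTRL_SET_SIGALGS` case passes `larg` (a `long`) and `parg` straight into `tls1_set_sigalgs()` with no check in the hunk, so a NULL list or a zero or negative count reaches the callee as-is. If that function takes an unsigned length, which is not visible here, a negative `larg` would convert to a very large count and the callee could read past the end of the caller's array. A guard such as `if (parg == NULL || larg <= 0) return 0;` before the call, or a comment stating that the callee validates both, would settle it; `SSL_CTRL_SET_SIGALGS_LIST` needs the same NULL check on `parg`. The same two cases are repeated for `ctx->cert` in the second hunk, and the enclosing switch begins and ends outside both hunks.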
@@ -3696,6 +3702,12 @@
ctx->cert->ecdh_tmp_auto = larg;
break;
+ case SSL_CTRL_SET_SIGALGS:
+ return tls1_set_sigalgs(ctx->cert, parg, larg);
+
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ return tls1_set_sigalgs_list(ctx->cert, parg);
+
case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
break;