commit 0f229cce65c1e7a04ed114c04327d75169b6dac3
author Dr. Stephen Henson <steve@openssl.org> Fri Jun 22 14:03:31 2012 +0000
committer Dr. Stephen Henson <steve@openssl.org> Fri Jun 22 14:03:31 2012 +0000
tree 0be54b8a6f09b6eb7f8c593fa1ba2dc0c2a5a710
parent 020091406ce85661ccec8f663c42f3c710340a6b

Add support for application defined signature algorithms for use with
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.

ssl/ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 64d6f8a..72443ec 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -357,9 +357,22 @@
 	 * will be set during handshake.
 	 */
 	ssl_cert_set_default_md(ret);
-	/* Sigalgs set to NULL as we get these from handshake too */
-	ret->sigalgs = NULL;
-	ret->sigalgslen = 0;
+	/* Peer sigalgs set to NULL as we get these from handshake too */
+	ret->peer_sigalgs = NULL;
+	ret->peer_sigalgslen = 0;
+	/* Configure sigalgs however we copy across */
+	if (cert->conf_sigalgs)
+		{
+		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
+							* sizeof(TLS_SIGALGS));
+		if (!ret->conf_sigalgs)
+			goto err;
+		memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
+				cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+		ret->conf_sigalgslen = cert->conf_sigalgslen;
+		}
+	else
+		ret->conf_sigalgs = NULL;
 
 	return(ret);
 	
@@ -447,8 +460,10 @@
 #endif
 
 	ssl_cert_clear_certs(c);
-	if (c->sigalgs)
-		OPENSSL_free(c->sigalgs);
+	if (c->peer_sigalgs)
+		OPENSSL_free(c->peer_sigalgs);
+	if (c->conf_sigalgs)
+		OPENSSL_free(c->conf_sigalgs);
 	OPENSSL_free(c);
 	}