no need to check s->server as default_nid is never used for TLS 1.2 client authentication
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4553468..eb6aa55 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -3482,7 +3482,7 @@ * have set preferred signature algorithms check we support * sha1. */ - if (s->server && default_nid > 0 && c->conf_sigalgs) + if (default_nid > 0 && c->conf_sigalgs) { size_t j; const unsigned char *p = c->conf_sigalgs;