Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7d10941..2c6e1ad 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3415,10 +3415,16 @@
 		break;
 
 	case SSL_CTRL_SET_SIGALGS:
-		return tls1_set_sigalgs(s->cert, parg, larg);
+		return tls1_set_sigalgs(s->cert, parg, larg, 0);
 
 	case SSL_CTRL_SET_SIGALGS_LIST:
-		return tls1_set_sigalgs_list(s->cert, parg);
+		return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS:
+		return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(s->cert, parg, 1);
 
 	default:
 		break;
@@ -3703,10 +3709,16 @@
 		break;
 
 	case SSL_CTRL_SET_SIGALGS:
-		return tls1_set_sigalgs(ctx->cert, parg, larg);
+		return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
 	case SSL_CTRL_SET_SIGALGS_LIST:
-		return tls1_set_sigalgs_list(ctx->cert, parg);
+		return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS:
+		return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(ctx->cert, parg, 1);
 
 	case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
 		ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index afeb60d..aea244a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1662,6 +1662,8 @@
 #define SSL_CTRL_SET_SIGALGS_LIST		98
 #define SSL_CTRL_CERT_FLAGS			99
 #define SSL_CTRL_CLEAR_CERT_FLAGS		100
+#define SSL_CTRL_SET_CLIENT_SIGALGS		101
+#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST	102
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1747,6 +1749,15 @@
 #define SSL_set1_sigalgs_list(ctx, s) \
 	SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 
+#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
+#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+#define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
+	SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
+#define SSL_set1_client_sigalgs_list(ctx, s) \
+	SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9aa7b04..1edbf18 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -361,19 +361,31 @@
 	/* Peer sigalgs set to NULL as we get these from handshake too */
 	ret->peer_sigalgs = NULL;
 	ret->peer_sigalgslen = 0;
-	/* Configure sigalgs however we copy across */
+	/* Configured sigalgs however we copy across */
+
 	if (cert->conf_sigalgs)
 		{
-		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
-							* sizeof(TLS_SIGALGS));
+		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
 		if (!ret->conf_sigalgs)
 			goto err;
 		memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
-				cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+						cert->conf_sigalgslen);
 		ret->conf_sigalgslen = cert->conf_sigalgslen;
 		}
 	else
 		ret->conf_sigalgs = NULL;
+
+	if (cert->client_sigalgs)
+		{
+		ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+		if (!ret->client_sigalgs)
+			goto err;
+		memcpy(ret->client_sigalgs, cert->client_sigalgs,
+						cert->client_sigalgslen);
+		ret->client_sigalgslen = cert->client_sigalgslen;
+		}
+	else
+		ret->client_sigalgs = NULL;
 	/* Shared sigalgs also NULL */
 	ret->shared_sigalgs = NULL;
 
@@ -473,6 +485,8 @@
 		OPENSSL_free(c->peer_sigalgs);
 	if (c->conf_sigalgs)
 		OPENSSL_free(c->conf_sigalgs);
+	if (c->client_sigalgs)
+		OPENSSL_free(c->client_sigalgs);
 	if (c->shared_sigalgs)
 		OPENSSL_free(c->shared_sigalgs);
 	OPENSSL_free(c);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 17bbbf5..fd23a9c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -538,14 +538,25 @@
 	unsigned char *peer_sigalgs;
 	/* Size of above array */
 	size_t peer_sigalgslen;
-	/* configured signature algorithms (can be NULL for default).
-	 * sent in signature algorithms extension or certificate request.
+	/* suppported signature algorithms.
+	 * When set on a client this is sent in the client hello as the 
+	 * supported signature algorithms extension. For servers
+	 * it represents the signature algorithms we are willing to use.
 	 */
 	unsigned char *conf_sigalgs;
 	/* Size of above array */
 	size_t conf_sigalgslen;
+	/* Client authentication signature algorithms, if not set then
+	 * uses conf_sigalgs. On servers these will be the signature
+	 * algorithms sent to the client in a cerificate request for TLS 1.2.
+	 * On a client this represents the signature algortithms we are
+	 * willing to use for client authentication.
+	 */
+	unsigned char *client_sigalgs;
+	/* Size of above array */
+	size_t client_sigalgslen;
 	/* Signature algorithms shared by client and server: cached
-	 * because these are used most often
+	 * because these are used most often.
 	 */
 	TLS_SIGALGS *shared_sigalgs;
 	size_t shared_sigalgslen;
@@ -1200,8 +1211,8 @@
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
-int tls1_set_sigalgs_list(CERT *c, const char *str);
-int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen);
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 								int idx);
 void tls1_set_cert_validity(SSL *s);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6b0ddf2..4553468 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -639,10 +639,17 @@
 	{
 	const unsigned char *sigs;
 	size_t sigslen;
-	sigs = s->cert->conf_sigalgs;
-
-	if (sigs)
+	/* If server use client authentication sigalgs if not NULL */
+	if (s->server && s->cert->client_sigalgs)
+		{
+		sigs = s->cert->client_sigalgs;
+		sigslen = s->cert->client_sigalgslen;
+		}
+	else if (s->cert->conf_sigalgs)
+		{
+		sigs = s->cert->conf_sigalgs;
 		sigslen = s->cert->conf_sigalgslen;
+		}
 	else
 		{
 		sigs = tls12_sigalgs;
@@ -2975,9 +2982,17 @@
 	size_t nmatch;
 	TLS_SIGALGS *salgs = NULL;
 	CERT *c = s->cert;
-	conf = c->conf_sigalgs;
-	if (conf)
+	/* If client use client signature algorithms if not NULL */
+	if (!s->server && c->client_sigalgs)
+		{
+		conf = c->client_sigalgs;
+		conflen = c->client_sigalgslen;
+		}
+	else if (c->conf_sigalgs)
+		{
+		conf = c->conf_sigalgs;
 		conflen = c->conf_sigalgslen;
+		}
 	else
 		{
 		conf = tls12_sigalgs;
@@ -3328,16 +3343,16 @@
 
 /* Set suppored signature algorithms based on a colon separated list
  * of the form sig+hash e.g. RSA+SHA512:DSA+SHA512 */
-int tls1_set_sigalgs_list(CERT *c, const char *str)
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
 	{
 	sig_cb_st sig;
 	sig.sigalgcnt = 0;
 	if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
 		return 0;
-	return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt);
+	return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
 	}
 
-int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen)
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
 	{
 	unsigned char *sigalgs, *sptr;
 	int rhash, rsign;
@@ -3360,11 +3375,21 @@
 		*sptr++ = rsign;
 		}
 
-	if (c->conf_sigalgs)
-		OPENSSL_free(c->conf_sigalgs);
+	if (client)
+		{
+		if (c->client_sigalgs)
+			OPENSSL_free(c->client_sigalgs);
+		c->client_sigalgs = sigalgs;
+		c->client_sigalgslen = salglen;
+		}
+	else
+		{
+		if (c->conf_sigalgs)
+			OPENSSL_free(c->conf_sigalgs);
+		c->conf_sigalgs = sigalgs;
+		c->conf_sigalgslen = salglen;
+		}
 
-	c->conf_sigalgs = sigalgs;
-	c->conf_sigalgslen = salglen;
 	return 1;
 
 	err:
@@ -3457,7 +3482,7 @@
 		 * have set preferred signature algorithms check we support
 		 * sha1.
 		 */
-		if (default_nid > 0 && c->conf_sigalgs)
+		if (s->server && default_nid > 0 && c->conf_sigalgs)
 			{
 			size_t j;
 			const unsigned char *p = c->conf_sigalgs;