Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7d10941..2c6e1ad 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3415,10 +3415,16 @@
 		break;
 
 	case SSL_CTRL_SET_SIGALGS:
-		return tls1_set_sigalgs(s->cert, parg, larg);
+		return tls1_set_sigalgs(s->cert, parg, larg, 0);
 
 	case SSL_CTRL_SET_SIGALGS_LIST:
-		return tls1_set_sigalgs_list(s->cert, parg);
+		return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS:
+		return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(s->cert, parg, 1);
 
 	default:
 		break;
@@ -3703,10 +3709,16 @@
 		break;
 
 	case SSL_CTRL_SET_SIGALGS:
-		return tls1_set_sigalgs(ctx->cert, parg, larg);
+		return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
 	case SSL_CTRL_SET_SIGALGS_LIST:
-		return tls1_set_sigalgs_list(ctx->cert, parg);
+		return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS:
+		return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+	case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+		return tls1_set_sigalgs_list(ctx->cert, parg, 1);
 
 	case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
 		ctx->tlsext_authz_server_audit_proof_cb_arg = parg;