commit 3dbc46dfcd918f7869496e34b0896dbac01d25a0
author Dr. Stephen Henson <steve@openssl.org> Tue Jul 03 12:51:14 2012 +0000
committer Dr. Stephen Henson <steve@openssl.org> Tue Jul 03 12:51:14 2012 +0000
tree d4c2dae8f5b1866ea96bd169e7beb26e84d49202
parent 32e03a3016b93bf0f763c6daf1eeeada7db2256c

Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.

ssl/ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9aa7b04..1edbf18 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -361,19 +361,31 @@
 	/* Peer sigalgs set to NULL as we get these from handshake too */
 	ret->peer_sigalgs = NULL;
 	ret->peer_sigalgslen = 0;
-	/* Configure sigalgs however we copy across */
+	/* Configured sigalgs however we copy across */
+
 	if (cert->conf_sigalgs)
 		{
-		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
-							* sizeof(TLS_SIGALGS));
+		ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
 		if (!ret->conf_sigalgs)
 			goto err;
 		memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
-				cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+						cert->conf_sigalgslen);
 		ret->conf_sigalgslen = cert->conf_sigalgslen;
 		}
 	else
 		ret->conf_sigalgs = NULL;
+
+	if (cert->client_sigalgs)
+		{
+		ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+		if (!ret->client_sigalgs)
+			goto err;
+		memcpy(ret->client_sigalgs, cert->client_sigalgs,
+						cert->client_sigalgslen);
+		ret->client_sigalgslen = cert->client_sigalgslen;
+		}
+	else
+		ret->client_sigalgs = NULL;
 	/* Shared sigalgs also NULL */
 	ret->shared_sigalgs = NULL;
 
@@ -473,6 +485,8 @@
 		OPENSSL_free(c->peer_sigalgs);
 	if (c->conf_sigalgs)
 		OPENSSL_free(c->conf_sigalgs);
+	if (c->client_sigalgs)
+		OPENSSL_free(c->client_sigalgs);
 	if (c->shared_sigalgs)
 		OPENSSL_free(c->shared_sigalgs);
 	OPENSSL_free(c);