Process signature algorithms before deciding on certificate. The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c) Conflicts: ssl/ssl.h ssl/ssl_err.c

commit: e469af8d05dd28b1e77de9d8045b2ddd6cb6ee5d [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Mon Nov 17 16:52:59 2014 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Wed Nov 19 14:49:12 2014 +0000
tree: 94ac0958d401f910d332d9f39e1cfd97fd59ddad
parent: bcb245a74af139400014d03d578e5f464d601005 [diff] [blame]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1fd6bb1..8d2475c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -1329,6 +1329,7 @@
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
+int tls1_set_server_sigalgs(SSL *s);
 int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
 int ssl_prepare_clienthello_tlsext(SSL *s);
commit	e469af8d05dd28b1e77de9d8045b2ddd6cb6ee5d	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Mon Nov 17 16:52:59 2014 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Wed Nov 19 14:49:12 2014 +0000
tree	94ac0958d401f910d332d9f39e1cfd97fd59ddad
parent	bcb245a74af139400014d03d578e5f464d601005 [diff] [blame]