Separate client and server permitted signature algorithm support: by default

the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only. (backport from HEAD)
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 14:44:56 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-12-26 14:44:56 +0000
commit: 04c32cddaa5bfdc08a2f4253d90a53bedbcab8e6 (patch)
tree: 3a32d4133ade4f6ed4921ddce1e999f8c6632e37 /apps/s_client.c
parent: 623a5e24cbec899d21a0cc90f74071e511072c30 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index c33a1d8a34..3a579ca18b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -606,6 +606,7 @@ int MAIN(int argc, char **argv)
 	char *servername = NULL; 
 	char *curves=NULL;
 	char *sigalgs=NULL;
+	char *client_sigalgs=NULL;
         tlsextctx tlsextcbp = 
         {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
@@ -954,6 +955,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			sigalgs= *(++argv);
 			}
+		else if	(strcmp(*argv,"-client_sigalgs") == 0)
+			{
+			if (--argc < 1) goto bad;
+			client_sigalgs= *(++argv);
+			}
 #endif
 #ifndef OPENSSL_NO_JPAKE
 		else if (strcmp(*argv,"-jpake") == 0)
@@ -1204,6 +1210,12 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 	}
+	if (client_sigalgs != NULL)
+		if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
+		BIO_printf(bio_err,"error setting client signature algorithms list\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
 	if (servername != NULL)
 		{
 		tlsextcbp.biodebug = bio_err;
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 14:44:56 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-12-26 14:44:56 +0000
commit	04c32cddaa5bfdc08a2f4253d90a53bedbcab8e6 (patch)
tree	3a32d4133ade4f6ed4921ddce1e999f8c6632e37 /apps/s_client.c
parent	623a5e24cbec899d21a0cc90f74071e511072c30 (diff)