authorDr. Stephen Henson <steve@openssl.org>2012-12-26 14:25:29 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-12-26 14:25:29 +0000
commit0b362de5f57547b31eddef5f8a0d298c4b7e0fd3 (patch)
treed46bf3897439c4a2f0246c0be2f1ae89f1f1c5ea /apps
parentd312f7be37622aa478a323adc26f7e1ab30d86ec (diff)
Add support for application-defined signature algorithms for use with
TLS v1.2. These are sent as an extension by clients and in the certificate request by servers. TODO: add support for shared signature algorithms; respect shared algorithms when deciding which ciphersuites and certificates to permit. (backport from HEAD)
Diffstat (limited to 'apps')
-rw-r--r--apps/s_client.c12
-rw-r--r--apps/s_server.c21
2 files changed, 33 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 7a75888daf..42e0e24127 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_TLSEXT
char *servername = NULL;
char *curves=NULL;
+ char *sigalgs=NULL;
tlsextctx tlsextcbp =
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
@@ -948,6 +949,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
curves= *(++argv);
}
+ else if (strcmp(*argv,"-sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sigalgs= *(++argv);
+ }
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
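Review bot: The new `-sigalgs` option is parsed here, but nothing in this diff adds it to the program's usage text, so it cannot be discovered from the help output; the usage function is outside the hunk, so it may be updated elsewhere, but if not, a line next to the existing `-curves` entry such as `BIO_printf(bio_err," -sigalgs arg - signature algorithms to support (colon-separated list)\n");` is needed. The same gap applies to the s_server hunk at `@@ -1193,6 +1194,11 @@`. The enclosing MAIN option loop starts and ends outside this hunk.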
@@ -1192,6 +1198,12 @@ bad:
ERR_print_errors(bio_err);
goto end;
}
+ if (sigalgs != NULL)
+ if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) {
+ BIO_printf(bio_err,"error setting signature algorithms list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (servername != NULL)
{
tlsextcbp.biodebug = bio_err;
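Review bot: The outer `if (sigalgs != NULL)` on the added lines has no braces around a nested `if` whose body is braced, which reads as a dangling-if hazard and differs from the braced form used by the `if (servername != NULL)` block directly below and by the matching s_server hunk; either brace the outer test, `if (sigalgs != NULL) {` … `}`, or fold the two tests into one, `if (sigalgs != NULL && !SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) {`. The error text `"error setting signature algorithms list\n"` also differs from the s_server string `"error setting signature algorithms\n"`; using the same wording in both tools makes the failure easier to search for. MAIN's body continues outside this hunk.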
diff --git a/apps/s_server.c b/apps/s_server.c
index 20f0c221a0..ac88f7c188 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -271,6 +271,7 @@ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
static char *curves=NULL;
+static char *sigalgs=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL;
#ifdef FIONBIO
@@ -1193,6 +1194,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
curves= *(++argv);
}
+ else if (strcmp(*argv,"-sigalgs") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sigalgs= *(++argv);
+ }
#endif
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
@@ -1888,6 +1894,21 @@ bad:
goto end;
}
}
+ if (sigalgs)
+ {
+ if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs))
+ {
+ BIO_printf(bio_err,"error setting signature algorithms\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if(ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs))
+ {
+ BIO_printf(bio_err,"error setting signature algorithms\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
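Review bot: The two error branches on the added lines are byte-identical, so a failure on `ctx2` is reported with the same message as a failure on `ctx` and the cleanup is written twice; folding the tests into `if (!SSL_CTX_set1_sigalgs_list(ctx,sigalgs) || (ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs)))` leaves a single error block, and if the two cases should stay distinct the second message ought to name the context it failed on. A short comment above the block would also help, since the reason `ctx2` (presumably the second-certificate context; confirm) must receive the same list is not stated, e.g. `/* both contexts must request the same signature algorithms */`. MAIN continues outside this hunk, so whether `goto end` releases `ctx2` on this path cannot be confirmed from the diff.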