author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:25:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 14:25:29 +0000 |
commit | 0b362de5f57547b31eddef5f8a0d298c4b7e0fd3 (patch) | |
tree | d46bf3897439c4a2f0246c0be2f1ae89f1f1c5ea /ssl/ssl_cert.c | |
parent | d312f7be37622aa478a323adc26f7e1ab30d86ec (diff) |
Add support for application defined signature algorithms for use with
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.
TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
(backport from HEAD)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9f8b463976..815cfd3c74 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -357,9 +357,22 @@ CERT *ssl_cert_dup(CERT *cert)
 * will be set during handshake. */
 ssl_cert_set_default_md(ret);
- /* Sigalgs set to NULL as we get these from handshake too */
- ret->sigalgs = NULL;
- ret->sigalgslen = 0;
+ /* Peer sigalgs set to NULL as we get these from handshake too */
+ ret->peer_sigalgs = NULL;
+ ret->peer_sigalgslen = 0;
+ /* Configure sigalgs however we copy across */
+ if (cert->conf_sigalgs)
+ {
+ ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
+ * sizeof(TLS_SIGALGS));
+ if (!ret->conf_sigalgs)
+ goto err;
+ memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
+ cert->conf_sigalgslen * sizeof(TLS_SIGALGS));
+ ret->conf_sigalgslen = cert->conf_sigalgslen;
+ }
+ else
+ ret->conf_sigalgs = NULL;
 return(ret);
@@ -447,8 +460,10 @@ void ssl_cert_free(CERT *c)
 #endif
 ssl_cert_clear_certs(c);
- if (c->sigalgs)
- OPENSSL_free(c->sigalgs);
+ if (c->peer_sigalgs)
+ OPENSSL_free(c->peer_sigalgs);
+ if (c->conf_sigalgs)
+ OPENSSL_free(c->conf_sigalgs);
 OPENSSL_free(c);
 } |
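Review bot: In the ssl_cert_dup hunk the byte count `cert->conf_sigalgslen * sizeof(TLS_SIGALGS)` is computed twice, once for OPENSSL_malloc and once for memcpy, with no check that the product fits in the size type, and the else branch resets `ret->conf_sigalgs` but not `ret->conf_sigalgslen`. The list appears to be application-configured rather than peer-supplied, so a wrap is unlikely, but computing the size once into a local and rejecting an oversized count keeps allocation and copy in step; adding `ret->conf_sigalgslen = 0;` to the else branch would mirror the explicit peer_sigalgs reset above it. A non-NULL `conf_sigalgs` with a zero length also reaches the allocator with a zero-byte request, so the `if (!ret->conf_sigalgs) goto err;` test may fail the duplication spuriously depending on how OPENSSL_malloc treats that size. The function body and the `err` label lie outside this hunk, so it is worth confirming that the label is reachable in every build configuration and that the path releases everything already attached to ret.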