Skip to content
Commit b0e9ab95 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Signature algorithm enhancement.



Change tls12_sigalg_allowed() so it is passed a SIGALG_LOOKUP parameter,
this avoids multiple lookups.

When we copy signature algorithms return an error if no valid TLS message
signing algorithm is present. For TLS 1.3 this means we need at least one
signature algorithm other than RSA PKCS#1 or SHA1 both of which can only be
used to sign certificates and not TLS messages.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
parent 8f12296e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment