diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-07-03 12:51:14 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-07-03 12:51:14 +0000 |
commit | 3dbc46dfcd918f7869496e34b0896dbac01d25a0 (patch) | |
tree | d4c2dae8f5b1866ea96bd169e7beb26e84d49202 /apps/s_client.c | |
parent | 32e03a3016b93bf0f763c6daf1eeeada7db2256c (diff) | |
download | openssl-3dbc46dfcd918f7869496e34b0896dbac01d25a0.tar.gz |
Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index a971ad6a61..b7809c5baf 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -607,6 +607,7 @@ int MAIN(int argc, char **argv) char *servername = NULL; char *curves=NULL; char *sigalgs=NULL; + char *client_sigalgs=NULL; tlsextctx tlsextcbp = {NULL,0}; # ifndef OPENSSL_NO_NEXTPROTONEG @@ -964,6 +965,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; sigalgs= *(++argv); } + else if (strcmp(*argv,"-client_sigalgs") == 0) + { + if (--argc < 1) goto bad; + client_sigalgs= *(++argv); + } #endif #ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) @@ -1215,6 +1221,12 @@ bad: ERR_print_errors(bio_err); goto end; } + if (client_sigalgs != NULL) + if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) { + BIO_printf(bio_err,"error setting client signature algorithms list\n"); + ERR_print_errors(bio_err); + goto end; + } if (servername != NULL) { tlsextcbp.biodebug = bio_err; |