Handling signature_algorithm extension on TLS1.3 server
rashok.svks at gmail.com
Thu Jun 6 15:15:57 UTC 2019
Currently has_usable_cert() function is called on tls_choose_sigalg() to
find out the suitable certificate available. But currently rsa_pkcs1_xxx
and rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because
of this it may ends in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx
extension. Is this behaviour correct ?
As per my understanding a new index should be created like
SSL_PKEY_RSA_PSS_RSAE_SIGN for rsa_pss_rsae_xxx type certs.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users