Handling signature_algorithm extension on TLS1.3 server
Raja Ashok
rashok.svks at gmail.com
Thu Jun 6 15:15:57 UTC 2019
Hi,
Currently has_usable_cert() function is called on tls_choose_sigalg() to
find out the suitable certificate available. But currently rsa_pkcs1_xxx
and rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because
of this it may ends in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx
extension. Is this behaviour correct ?
As per my understanding a new index should be created like
SSL_PKEY_RSA_PSS_RSAE_SIGN for rsa_pss_rsae_xxx type certs.
Regards,
Raja Ashok
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190606/88733d16/attachment.html>
More information about the openssl-users
mailing list