Defer sigalgs selection until the certificate is known. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2019-03-25 17:21:18 +0000
committer	jsing <>	2019-03-25 17:21:18 +0000
commit	c46928243f6c8aa22e46219e22df33de006a501f (patch)
tree	eb5e58a5d9b8198b8475b96156e908c92c86e532 /src/lib/libc/stdlib/atexit.c
parent	efbbd2468336b87fa8f4dc802ec09d5638f8f0cb (diff)
download	openbsd-c46928243f6c8aa22e46219e22df33de006a501f.tar.gz openbsd-c46928243f6c8aa22e46219e22df33de006a501f.tar.bz2 openbsd-c46928243f6c8aa22e46219e22df33de006a501f.zip

Defer sigalgs selection until the certificate is known.

Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.

Diffstat (limited to 'src/lib/libc/stdlib/atexit.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: