libssl: rework cert signature security level - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-10-17 06:19:06 +0000
committer	tb <>	2024-10-17 06:19:06 +0000
commit	46b9e823a03f4d0f680a05c9f7d55e5277120920 (patch)
tree	33f137101108b97e017678abe4dd14ea060c62f8 /src/lib/libcrypto/cryptlib.c
parent	d11f92ed77a84750d747201a5ebdf6e31f5d11e7 (diff)
download	openbsd-46b9e823a03f4d0f680a05c9f7d55e5277120920.tar.gz openbsd-46b9e823a03f4d0f680a05c9f7d55e5277120920.tar.bz2 openbsd-46b9e823a03f4d0f680a05c9f7d55e5277120920.zip

libssl: rework cert signature security level

This switches to using the X509_get_signature_info() API instead of hand rolling a part of it. This is slightly tangly since the security level API is strange. In particular, some failures are passed to the security level callback so that applications can override them. This makes the security level API handle RSA-PSS and EdDSA certificates correctly and the handshake with such can progress a bit further. Of note, we check that the certs are actually suitable for use in TLS per RFC 8446 contrary to what OpenSSL does. ok beck jsing

Diffstat (limited to 'src/lib/libcrypto/cryptlib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: