summaryrefslogtreecommitdiff
path: root/src/lib/libtls/man
diff options
context:
space:
mode:
authortb <>2024-10-17 06:19:06 +0000
committertb <>2024-10-17 06:19:06 +0000
commit3b3dd97a87b8d106bf71e76cb58356a4fd3ae645 (patch)
tree33f137101108b97e017678abe4dd14ea060c62f8 /src/lib/libtls/man
parent45f2e9bf70fc151f364e5545180b2dea2e6b0145 (diff)
downloadopenbsd-3b3dd97a87b8d106bf71e76cb58356a4fd3ae645.tar.gz
openbsd-3b3dd97a87b8d106bf71e76cb58356a4fd3ae645.tar.bz2
openbsd-3b3dd97a87b8d106bf71e76cb58356a4fd3ae645.zip
libssl: rework cert signature security level
This switches to using the X509_get_signature_info() API instead of hand rolling a part of it. This is slightly tangly since the security level API is strange. In particular, some failures are passed to the security level callback so that applications can override them. This makes the security level API handle RSA-PSS and EdDSA certificates correctly and the handshake with such can progress a bit further. Of note, we check that the certs are actually suitable for use in TLS per RFC 8446 contrary to what OpenSSL does. ok beck jsing
Diffstat (limited to 'src/lib/libtls/man')
0 files changed, 0 insertions, 0 deletions