/* Set supported signature algorithms */
static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
{
int rv;
if (cctx->ssl)
rv = SSL_set1_sigalgs_list(cctx->ssl, value);
/* NB: ctx == NULL performs syntax checking only */
else
rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);
return rv > 0;
}
void SSLContext::setSignatureAlgorithms(
const std::vector<std::string>& sigalgs) {
if (sigalgs.size() == 0) {
return;
}
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
std::string opensslSigAlgsList;
join(":", sigalgs, opensslSigAlgsList);
int rc = SSL_CTX_set1_sigalgs_list(ctx_, opensslSigAlgsList.c_str());
if (rc == 0) {
throw std::runtime_error("SSL_CTX_set1_sigalgs_list " + getErrors());
}
#endif
}
static int test_set_sigalgs(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
const sigalgs_list *curr;
int testctx;
/* Should never happen */
if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
return 0;
testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
curr = testctx ? &testsigalgs[idx]
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
return 0;
}
if (testctx) {
int ret;
if (curr->list != NULL)
ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
else
ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
if (!ret) {
if (curr->valid)
printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
idx);
else
testresult = 1;
goto end;
}
if (!curr->valid) {
printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
goto end;
}
}
if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
printf("Unable to create SSL objects\n");
goto end;
}
if (!testctx) {
int ret;
if (curr->list != NULL)
ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
else
ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
if (!ret) {
if (curr->valid)
printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
else
testresult = 1;
goto end;
}
if (!curr->valid) {
printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
goto end;
}
}
if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
printf("Unexpected return value creating SSL connection (%d)\n", idx);
goto end;
}
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
