projects / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06112f3) | patch
tls-server: Consider supported signature algorithms when selecting key/certificate
authorPascal Knecht <pascal.knecht@hsr.ch>
Mon, 12 Oct 2020 16:58:53 +0000 (18:58 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
commit9803fb82f448c7eae03aa4505b0f24a26a8f1948
treeb31fdbcd31dc2a71715ef824028cd866fede7317tree | snapshot
parent06112f3fe26413585c832b50e36b7d91d0e96f6ecommit | diff
tls-server: Consider supported signature algorithms when selecting key/certificate

This won't work if the client doesn't send a `signature_algorithms`
extension.  But since the default is SHA1/RSA, most will send it to at
least announce stronger hash algorithms if not ECDSA.
src/libtls/tls_crypto.c diff | blob | history
src/libtls/tls_crypto.h diff | blob | history
src/libtls/tls_server.c diff | blob | history
strongSwan - IPsec VPN