On 20/06/18 09:44, Devang Kubavat wrote:
> Hi all,
> 
> I set the signature algorithm in the client using,
> 
> /* signature algorithm list */
> 
> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
> 
> Expected behavior: the client only accepts a server certificate which has
> signature algorithm SHA512withRSAencryption during the TLS handshake.
> 
> But here, even though I set the "RSA+SHA512" signature algorithm, the client
> is still accepting the server certificate which has signature algorithm
> SHA256withRSAencryption. Why?

As I said in reply to your other post:

"The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
signature algorithms related to *client authentication*. This is not the
same as the sig algs sent in the ClientHello. For that you need to use
SSL_CTX_set1_sigalgs_list()."

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
