Separate client and server permitted signature algorithm support: by default
[openssl.git] / apps / s_client.c
index a971ad6..b7809c5 100644 (file)
@@ -607,6 +607,7 @@ int MAIN(int argc, char **argv)
        char *servername = NULL; 
        char *curves=NULL;
        char *sigalgs=NULL;
+       char *client_sigalgs=NULL;
         tlsextctx tlsextcbp = 
         {NULL,0};
 # ifndef OPENSSL_NO_NEXTPROTONEG
@@ -964,6 +965,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        sigalgs= *(++argv);
                        }
+               else if (strcmp(*argv,"-client_sigalgs") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       client_sigalgs= *(++argv);
+                       }
 #endif
 #ifndef OPENSSL_NO_JPAKE
                else if (strcmp(*argv,"-jpake") == 0)
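Review bot: None of the visible hunks adds `-client_sigalgs` to the option help, yet a missing argument at `if (--argc < 1) goto bad;` sends the user to the `bad` path, which presumably prints that help. If the usage text is not updated elsewhere in this commit, add an entry such as `-client_sigalgs arg - colon-separated signature algorithms for client authentication`, with the wording checked against what `SSL_CTX_set1_client_sigalgs_list` actually restricts. The new branch sits inside a preprocessor conditional that opens outside this hunk, so confirm that the later use of `client_sigalgs` is compiled under the same guard.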
@@ -1215,6 +1221,12 @@ bad:
                ERR_print_errors(bio_err);
                goto end;
        }
+       if (client_sigalgs != NULL)
+               if(!SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs)) {
+               BIO_printf(bio_err,"error setting client signature algorithms list\n");
+               ERR_print_errors(bio_err);
+               goto end;
+       }
        if (servername != NULL)
                {
                tlsextcbp.biodebug = bio_err;
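Review bot: The added `if (client_sigalgs != NULL)` has no braces of its own, and the closing `}` of the inner `if` is indented to line up with it, so the block reads as if that brace closed the outer test. Behaviour is correct as written and the failure path stops the run via `goto end`, but a statement later added after the inner block at that indent would execute unconditionally. This layout has hidden broken error paths in TLS setup code before. Folding the two tests into one removes the ambiguity: `if (client_sigalgs != NULL && !SSL_CTX_set1_client_sigalgs_list(ctx,client_sigalgs))` followed by the existing braced body. The context lines just above end in the same shape, so the preceding check may deserve the same treatment. MAIN begins and ends outside this hunk.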