openssl/doc/man3/SSL_get_shared_sigalgs.pod

=pod

=head1 NAME

SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_get_shared_sigalgs(SSL *s, int idx,
                            int *psign, int *phash, int *psignhash,
                            unsigned char *rsig, unsigned char *rhash);

 int SSL_get_sigalgs(SSL *s, int idx,
                     int *psign, int *phash, int *psignhash,
                     unsigned char *rsig, unsigned char *rhash);

=head1 DESCRIPTION

SSL_get_shared_sigalgs() returns information about the shared signature
algorithms supported by peer B<s>. The parameter B<idx> indicates the index
of the shared signature algorithm to return starting from zero. The signature
algorithm NID is written to B<*psign>, the hash NID to B<*phash> and the
sign and hash NID to B<*psignhash>. The raw signature and hash values
are written to B<*rsig> and B<*rhash>.

SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns
information about all signature algorithms supported by B<s> in the order
they were sent by the peer.

=head1 RETURN VALUES

SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of
signature algorithms or B<0> if the B<idx> parameter is out of range.

=head1 NOTES

These functions are typically called for debugging purposes (to report
the peer's preferences) or where an application wants finer control over
certificate selection. Most applications will rely on internal handling
and will not need to call them.

If an application is only interested in the highest preference shared
signature algorithm it can just set B<idx> to zero.

Any or all of the parameters B<psign>, B<phash>, B<psignhash>, B<rsig> or
B<rhash> can be set to B<NULL> if the value is not required. By setting
them all to B<NULL> and setting B<idx> to zero the total number of
signature algorithms can be determined: which can be zero.

These functions must be called after the peer has sent a list of supported
signature algorithms: after a client hello (for servers) or a certificate
request (for clients). They can (for example) be called in the certificate
callback.

Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms.
If these
functions are called on an earlier version of TLS or DTLS zero is returned.

The shared signature algorithms returned by SSL_get_shared_sigalgs() are
ordered according to configuration and peer preferences.

The raw values correspond to the on the wire form as defined by RFC5246 et al.
The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and
rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
NID_rsaEncryption and B<*psignhash> NID_sha256WithRSAEncryption.

If a signature algorithm is not recognised the corresponding NIDs
will be set to B<NID_undef>. This may be because the value is not supported,
is not an appropriate combination (for example MD5 and DSA) or the
signature algorithm does not use a hash (for example Ed25519).

=head1 SEE ALSO

L<SSL_CTX_set_cert_cb(3)>,
L<ssl(7)>

=head1 COPYRIGHT

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Document shared sigalgs functions. Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-07-22 23:11:55 +08:00			`=pod`

			`=head1 NAME`

			`SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms`

			`=head1 SYNOPSIS`

			`#include <openssl/ssl.h>`

			`int SSL_get_shared_sigalgs(SSL *s, int idx,`
			`int psign, int phash, int *psignhash,`
			`unsigned char rsig, unsigned char rhash);`

			`int SSL_get_sigalgs(SSL *s, int idx,`
			`int psign, int phash, int *psignhash,`
			`unsigned char rsig, unsigned char rhash);`

			`=head1 DESCRIPTION`

			`SSL_get_shared_sigalgs() returns information about the shared signature`
			`algorithms supported by peer B<s>. The parameter B<idx> indicates the index`
			`of the shared signature algorithm to return starting from zero. The signature`
			`algorithm NID is written to B<psign>, the hash NID to B<phash> and the`
			`sign and hash NID to B<*psignhash>. The raw signature and hash values`
			`are written to B<rsig> and B<rhash>.`

			`SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns`
			`information about all signature algorithms supported by B<s> in the order`
			`they were sent by the peer.`

			`=head1 RETURN VALUES`

			`SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of`
			`signature algorithms or B<0> if the B<idx> parameter is out of range.`

			`=head1 NOTES`

			`These functions are typically called for debugging purposes (to report`
			`the peer's preferences) or where an application wants finer control over`
			`certificate selection. Most applications will rely on internal handling`
			`and will not need to call them.`

			`If an application is only interested in the highest preference shared`
			`signature algorithm it can just set B<idx> to zero.`

			`Any or all of the parameters B<psign>, B<phash>, B<psignhash>, B<rsig> or`
			`B<rhash> can be set to B<NULL> if the value is not required. By setting`
			`them all to B<NULL> and setting B<idx> to zero the total number of`
			`signature algorithms can be determined: which can be zero.`

			`These functions must be called after the peer has sent a list of supported`
			`signature algorithms: after a client hello (for servers) or a certificate`
			`request (for clients). They can (for example) be called in the certificate`
			`callback.`

TLSv1.3 related changes to man pages Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/6939) 2018-09-01 08:40:51 +08:00			`Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms.`
			`If these`
Document shared sigalgs functions. Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-07-22 23:11:55 +08:00			`functions are called on an earlier version of TLS or DTLS zero is returned.`

			`The shared signature algorithms returned by SSL_get_shared_sigalgs() are`
			`ordered according to configuration and peer preferences.`

			`The raw values correspond to the on the wire form as defined by RFC5246 et al.`
			`The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and`
			`rsa(1) then B<rhash> would be 4, B<rsign> 1, B<phash> NID_sha256, B<psig>`
Fix typo in SSL_get_shared_sigalgs docs psighash -> psignhash CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26151) 2024-12-11 21:31:12 +08:00			`NID_rsaEncryption and B<*psignhash> NID_sha256WithRSAEncryption.`
Document shared sigalgs functions. Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-07-22 23:11:55 +08:00
Fix spelling in pod files Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-05-02 01:52:58 +08:00			`If a signature algorithm is not recognised the corresponding NIDs`
TLSv1.3 related changes to man pages Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/6939) 2018-09-01 08:40:51 +08:00			`will be set to B<NID_undef>. This may be because the value is not supported,`
			`is not an appropriate combination (for example MD5 and DSA) or the`
			`signature algorithm does not use a hash (for example Ed25519).`
Document shared sigalgs functions. Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-07-22 23:11:55 +08:00
			`=head1 SEE ALSO`

Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-18 03:21:33 +08:00			`L<SSL_CTX_set_cert_cb(3)>,`
Fix referenses in section 3 manuals Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900) 2016-11-11 16:33:09 +08:00			`L<ssl(7)>`
Document shared sigalgs functions. Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-07-22 23:11:55 +08:00
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7176) 2018-09-11 20:22:14 +08:00			`Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829) 2018-12-06 21:04:44 +08:00			`Licensed under the Apache License 2.0 (the "License"). You may not use`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`