mirror of https://github.com/openssl/openssl.git
a5f98e6da5
- Tolerate RSA PKCS#1 *certificate* signatures when the peer sigals include RSA PSS with the same digest. Now that we're more strict about not sending sigalgs that are out of protocol range, when the client supports TLS 1.3 only, we might refuse to return an RSA PKCS#1-signed cert. - Don't send TLS 1.3 sigalgs when requesting client certs from a TLS 1.2 client. Fixes: #1144 Fixes: #25277 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27166) |
||
|---|---|---|
| .. | ||
| cert.json.in | ||
| tls-fuzzer-cert.sh | ||
| tlsfuzzer.sh | ||