0d62f26c36
Allow configuring digest preferences for the private key. Some smartcards have limited support for signing digests, notably Windows CAPI keys and old Estonian smartcards. Chromium used the supports_digest hook in SSL_PRIVATE_KEY_METHOD to limit such keys to SHA1. However, detecting those keys was a heuristic, so some SHA256-capable keys authenticating to SHA256-only servers regressed in the switch to BoringSSL. Replace this mechanism with an API to configure digest preference order. This way heuristically-detected SHA1-only keys may be configured by Chromium as SHA1-preferring rather than SHA1-requiring. In doing so, clean up the shared_sigalgs machinery somewhat. BUG=468076 Change-Id: I996a2df213ae4d8b4062f0ab85b15262ca26f3c6 Reviewed-on: https://boringssl-review.googlesource.com/5755 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||