0fc37ef082
peer_sigalgs should live on SSL_HANDSHAKE. This both releases a little bit of memory after the handshake is over and also avoids the bug where the sigalgs get dropped if SSL_set_SSL_CTX is called at a bad time. See also upstream's 14e14bf6964965d02ce89805d9de867f000095aa. This only affects consumers using the old SNI callback and not select_certificate_cb. Add a test that the SNI callback works as expected. In doing so, add an SSL_CTX version of the signing preferences API. This is a property of the cert/key pair (really just the key) and should be tied to that. This makes it a bit easier to have the regression test work with TLS 1.2 too. I thought we'd fixed this already, but apparently not... :-/ BUG=95 Change-Id: I75b02fad4059e6aa46c3b05183a07d72880711b3 Reviewed-on: https://boringssl-review.googlesource.com/10445 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> |
||
|---|---|---|
| .. | ||
| openssl | ||