• B
    Add TLS 1.3 draft-23 PSS signature algorithms · f55e99f7
    Benjamin Kaduk 提交于
    We now have a split in the signature algorithms codepoint space for
    whether the certificate's key is for rsaEncryption or a PSS-specific
    key, which should let us get rid of some special-casing that we
    previously needed to try to coax rsaEncryption keys into performing PSS.
    (This will be done in a subsequent commit.)
    
    Send the new PSS-with-PSS-specific key first in our list, so that
    we prefer the new technology to the old one.
    
    We need to update the expected certificate type in one test,
    since the "RSA-PSS+SHA256" form now corresponds to a public key
    of type rsaEncryption, so we should expect the server certificate
    type to be just "RSA".  If we want to get a server certificate
    type of "RSA-PSS", we need to use a new signature algorithm
    that cannot be represented as signature+hash, so add a test for that
    as well.
    Reviewed-by: NMatt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5068)
    f55e99f7
20-cert-select.conf 24.4 KB