...
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: John Foley [mailto:fol...@cisco.com]
Sent: Monday, October 22, 2012 3:02 PM
To: openssl-dev@openssl.org
Cc: Erik Tkal
Subject: Re: OpenSSL choosing inappropriate signature algorithm
Agreed.
This does raise an interesting design dilemma. The client
Sent: Monday, October 22, 2012 3:12 PM
To: John Foley; openssl-dev@openssl.org
Subject: RE: OpenSSL choosing inappropriate signature algorithm
It appears that the clientHello only indicates overall what the client
supports. The server sends another such list in its certificateRequest
message. I'm
On Mon, Oct 22, 2012, Erik Tkal wrote:
It looks like the client sets the hash to use for each key type to the first
matching algorithm sent by the server in the certificateRequest. These
values are stored in a private structure with no apparent way for client code
to modify this, and it