Test config for ClientHello sig algs

2 files changed, 12 insertions, 0 deletions

diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs

index cb70dbc80..a15704af7 100644
--- a/crypto/test/src/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs
@@ -95,6 +95,14 @@ namespace Org.BouncyCastle.Tls.Tests
             return base.GetEarlyKeyShareGroups();
         }
 
+        protected override IList GetSupportedSignatureAlgorithms()
+        {
+            if (m_config.clientCHSigAlgs != null)
+                return TlsUtilities.GetSupportedSignatureAlgorithms(m_context, m_config.clientCHSigAlgs);
+
+            return base.GetSupportedSignatureAlgorithms();
+        }
+
         public override bool IsFallback()
         {
             return m_config.clientFallback;
diff --git a/crypto/test/src/tls/test/TlsTestConfig.cs b/crypto/test/src/tls/test/TlsTestConfig.cs

index a15d4e535..81784e3e3 100644
--- a/crypto/test/src/tls/test/TlsTestConfig.cs
+++ b/crypto/test/src/tls/test/TlsTestConfig.cs
@@ -45,6 +45,10 @@ namespace Org.BouncyCastle.Tls.Tests
         /// _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used.</summary>
         public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null;
 
+        /// <summary>If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the
+        /// ClientHello. If null, uses a default set.</summary>
+        public IList clientCHSigAlgs = null;
+
         /// <summary>Control whether the client will call
         /// <see cref="TlsUtilities.CheckPeerSigAlgs(TlsContext, Crypto.TlsCertificate[])"/> to check the server
         /// certificate chain.</summary>