diff options
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 7 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/TlsTestClientImpl.cs | 8 | ||||
| -rw-r--r-- | crypto/test/src/tls/test/TlsTestConfig.cs | 4 |
3 files changed, 18 insertions, 1 deletions
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 076aaf535..f6e509b7d 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -1068,10 +1068,15 @@ namespace Org.BouncyCastle.Tls public static IList GetDefaultSupportedSignatureAlgorithms(TlsContext context) { + return GetSupportedSignatureAlgorithms(context, DefaultSupportedSigAlgs); + } + + public static IList GetSupportedSignatureAlgorithms(TlsContext context, IList candidates) + { TlsCrypto crypto = context.Crypto; IList result = Platform.CreateArrayList(DefaultSupportedSigAlgs.Count); - foreach (SignatureAndHashAlgorithm sigAndHashAlg in DefaultSupportedSigAlgs) + foreach (SignatureAndHashAlgorithm sigAndHashAlg in candidates) { AddIfSupported(result, crypto, sigAndHashAlg); } diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs index cb70dbc80..a15704af7 100644 --- a/crypto/test/src/tls/test/TlsTestClientImpl.cs +++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs @@ -95,6 +95,14 @@ namespace Org.BouncyCastle.Tls.Tests return base.GetEarlyKeyShareGroups(); } + protected override IList GetSupportedSignatureAlgorithms() + { + if (m_config.clientCHSigAlgs != null) + return TlsUtilities.GetSupportedSignatureAlgorithms(m_context, m_config.clientCHSigAlgs); + + return base.GetSupportedSignatureAlgorithms(); + } + public override bool IsFallback() { return m_config.clientFallback; diff --git a/crypto/test/src/tls/test/TlsTestConfig.cs b/crypto/test/src/tls/test/TlsTestConfig.cs index a15d4e535..81784e3e3 100644 --- a/crypto/test/src/tls/test/TlsTestConfig.cs +++ b/crypto/test/src/tls/test/TlsTestConfig.cs @@ -45,6 +45,10 @@ namespace Org.BouncyCastle.Tls.Tests /// _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used.</summary> public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null; + /// <summary>If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the + /// ClientHello. If null, uses a default set.</summary> + public IList clientCHSigAlgs = null; + /// <summary>Control whether the client will call /// <see cref="TlsUtilities.CheckPeerSigAlgs(TlsContext, Crypto.TlsCertificate[])"/> to check the server /// certificate chain.</summary> |