aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0

Add API that gets connection's negotiated signature scheme / algorithm #1735

Open zz85 opened 4 years ago

zz85 commented 4 years ago

Problem:

It would be useful to know what signature scheme has been negotiated for a connection. This can also be used by s2nd and s2nc to display the signature algorithm used in a connection.

Proposed Solution:

Add an API, e.g. s2n_connection_get_selected_signature_scheme().

NLMalloy commented 4 years ago

As a component of this, we may want to revisit how we update the sig_scheme in s2n_client_cert_verify_recv() in tls/s2n_client_cert_verify.c. Currently for TLS 1.2, we validate that the chosen_sig_scheme is acceptable, but we do not set it in the connection for conn->secure.client_cert_sig_scheme when the server receives the message.