Currently, the CertificateSelection function calls the schemeValidForKey function, which checks if the signature type (RSA_PKCS1, RSA_PSS, or ECDSA) is correct for the given key, but does not check if the underlying group is correct for the signature algorithm in the ECDSA case. This causes the function to sometimes output a signature algorithm incompatible with the chosen certificate.
I propose to add the following check inside schemeValidForKey:
Currently, the
CertificateSelectionfunction calls theschemeValidForKeyfunction, which checks if the signature type (RSA_PKCS1, RSA_PSS, or ECDSA) is correct for the given key, but does not check if the underlying group is correct for the signature algorithm in the ECDSA case. This causes the function to sometimes output a signature algorithm incompatible with the chosen certificate.I propose to add the following check inside
schemeValidForKey:If you agree, I will submit a PR with this change.
@chris-wood