Fix sig_alg extension on client.
Temporary solution on server.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6c584c0..08d3bda 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -147,6 +147,7 @@
/*
* Prepare signature_algorithms extension (TLS 1.2)
*/
+#if defined(POLARSSL_RSA_C)
#if defined(POLARSSL_SHA512_C)
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
@@ -167,6 +168,29 @@
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
#endif
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+#if defined(POLARSSL_SHA512_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_MD5_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#endif /* POLARSSL_ECDSA_C */
/*
* enum {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 731d2bd..c080865 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -442,12 +442,10 @@
p = buf + 2;
while( sig_alg_list_size > 0 )
{
- if( p[1] != SSL_SIG_RSA )
- {
- sig_alg_list_size -= 2;
- p += 2;
- continue;
- }
+ /*
+ * For now, just ignore signature algorithm and rely on offered
+ * ciphersuites only. To be fixed later.
+ */
#if defined(POLARSSL_SHA512_C)
if( p[0] == SSL_HASH_SHA512 )
{