mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-02-27 04:01:45 +01:00
7120c77b14
AWS-LC does not support the SSL_CTX_set_client_hello_cb() function from OpenSSL which allows to analyze ciphers and signatures algorithm of the ClientHello. However it supports the SSL_CTX_set_select_certificate_cb() which allows the same thing but was the implementation from the boringSSL side. This patch uses the SSL_CTX_set_select_certificate_cb() as well as the SSL_early_callback_ctx_extension_get() function to get the signature algorithms. This was successfully tested with openssl s_client as well as testssl.sh. This should allow to enable more reg-tests that depend on certificate selection. Require at least AWS-LC 1.22.0.