Closed Bug 1482747 Opened 3 years ago Closed 3 years ago

Add switches for signature schemes to tstclnt and selfserv


(NSS :: Tools, enhancement)

Not set


(Not tracked)



(Reporter: mt, Assigned: mt)


(Keywords: good-first-bug)


(2 files)

We don't currently provide any way to enable signature schemes that are disabled by default, nor do we provide a way to disable those that are enabled by default.  This is a simple matter of calling SSL_SignatureSchemePrefSet().

We should probably keep this simple and use the hex format that we use for defining arbitrary ciphersuites.  That is "-J :0405:01dd".  No point in defining new single character values though.

Help for this should note that order determines preference order.
This adds switches.  I chose to use the names from the RFC, which made
it easier to implement.  No tests just, just code so that it can be used.  I
will add a couple of tests to the ssl test scripts shortly.
Changes to to support testing the -J option on tstclnt and
selfserv.  These scripts are a nightmare to work with.  I made some changes that
should improve things slightly.  (I also removed tabs and trailing whitespace,
which makes this looks much worse than it is.  If that's a problem, I can
prepare another changeset.)
Comment on attachment 9000152 [details]
Bug 1482747 - Options for controlling signature scheme in tstclnt/selfserv, r?franziskus

Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision.
Attachment #9000152 - Flags: review+
Comment on attachment 9000165 [details]
Bug 1482747 - Test updates for -J options, r?franziskus

Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision.
Attachment #9000165 - Flags: review+
Assignee: nobody → martin.thomson
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.39
You need to log in before you can comment on or make changes to this bug.