MINOR: ssl: allow to change the client-sigalgs on server lines

This patch introduces the "client-sigalgs" keyword for the server line, which allows to configure the list of server signature algorithms negociated during the handshake. Also available as "ssl-default-server-client-sigalgs" in the global section.
2026-02-10 05:32:46 +02:00 · 2023-06-29 14:11:46 +02:00
parent 717f0ad995
commit 593c895eed
5 changed files with 73 additions and 2 deletions
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h
@@ -393,6 +393,7 @@ struct server {
 		char *crl_file;			/* CRLfile to use on verify */
 		char *client_crt;		/* client certificate to send */
 		char *sigalgs;			/* Signature algorithms */
+		char *client_sigalgs;           /* Client Signature algorithms */
 		struct sample_expr *sni;        /* sample expression for SNI */
 		char *npn_str;                  /* NPN protocol string */
 		int npn_len;                    /* NPN protocol string length */
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -285,6 +285,7 @@ struct global_ssl {
 #endif
 #if defined(SSL_CTX_set1_sigalgs_list)
 	char *listen_default_client_sigalgs;
+	char *connect_default_client_sigalgs;
 #endif
 	int listen_default_ssloptions;
 	int connect_default_ssloptions;