From d11eb7c789488e99c4833f9a847583b0e3f93a0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 22 Aug 2013 15:57:15 +0200
Subject: [PATCH] Fix sig_alg extension on client. Temporary solution on server.
---
 library/ssl_cli.c | 24 ++++++++++++++++++++++++
 library/ssl_srv.c | 10 ++++------
 2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6c584c01b..08d3bda37 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -147,6 +147,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
 /*
 * Prepare signature_algorithms extension (TLS 1.2)
 */
+#if defined(POLARSSL_RSA_C)
 #if defined(POLARSSL_SHA512_C)
 sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
 sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
@@ -167,6 +168,29 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
 sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
 sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
 #endif
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+#if defined(POLARSSL_SHA512_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_MD5_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#endif /* POLARSSL_ECDSA_C */
 /*
 * enum {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 731d2bdf2..c0808656f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
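Review bot: In library/ssl_cli.c, the ECDSA block added at `@@ -167` appends up to 12 more bytes through `sig_alg_list[sig_alg_len++]`, but the array is declared outside the hunk, so its size needs to be checked against the new worst case. Assuming the RSA block mirrors the six hashes listed here, enabling both POLARSSL_RSA_C and POLARSSL_ECDSA_C writes 24 bytes, and an array sized for the RSA entries alone would be overrun on the stack. I would size it for twelve two-byte pairs and say so next to the declaration, e.g. `/* 6 hashes x 2 signature types x 2 bytes */`. Separately, the new `SSL_HASH_MD5` / `SSL_SIG_ECDSA` pair tells the peer that MD5-based signatures are acceptable; consider leaving MD5 out of the ECDSA list.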
@@ -442,12 +442,10 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
 p = buf + 2;
 while( sig_alg_list_size > 0 )
 {
- if( p[1] != SSL_SIG_RSA )
- {
- sig_alg_list_size -= 2;
- p += 2;
- continue;
- }
+ /*
+ * For now, just ignore signature algorithm and rely on offered
+ * ciphersuites only. To be fixed later.
+ */
 #if defined(POLARSSL_SHA512_C)
 if( p[0] == SSL_HASH_SHA512 )
 {
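Review bot: With the `p[1]` test removed, the loop in ssl_parse_signature_algorithms_ext takes the hash from `p[0]` of every pair, including pairs whose signature byte names an algorithm the server will not sign with. A client that offers a strong hash only with ECDSA and a weaker one with RSA could then, as far as the visible lines show, receive a signature using a hash/signature combination it never advertised, which strict peers reject. Until the server's key type is available at this point, I would keep the skip and widen it to `if( p[1] != SSL_SIG_RSA && p[1] != SSL_SIG_ECDSA )`. The comment should also state the remaining gap, e.g. `/* TODO: match p[1] against the signature type of our own key */`. The loop body continues past the end of the hunk.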