Hi,
Currently has_usable_cert() function is called on tls_choose_sigalg() to find out the suitable certificate available. But currently rsa_pkcs1_xxx and rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because of this it may ends in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx extension. Is this behaviour correct ?
As per my understanding a new index should be created like SSL_PKEY_RSA_PSS_RSAE_SIGN for rsa_pss_rsae_xxx type certs.
Regards,
Raja Ashok
