tls: add option to override signature algorithms

Passes the list down to SSL_CTX_set1_sigalgs_list.

Option to get the list of shared signature algorithms
from a TLS socket added as well for testing.

Signed-off-by: Anton Gerasimov <agerasimov@twilio.com>

PR-URL: https://github.com/nodejs/node/pull/29598
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>

1 files changed, 13 insertions, 0 deletions

diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index efe9040956..f24cfcbca6 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -153,6 +153,19 @@ exports.createSecureContext = function createSecureContext(options) {
     }
   }
 
+  const sigalgs = options.sigalgs;
+  if (sigalgs !== undefined) {
+    if (typeof sigalgs !== 'string') {
+      throw new ERR_INVALID_ARG_TYPE('options.sigalgs', 'string', sigalgs);
+    }
+
+    if (sigalgs === '') {
+      throw new ERR_INVALID_OPT_VALUE('sigalgs', sigalgs);
+    }
+
+    c.context.setSigalgs(sigalgs);
+  }
+
   if (options.ciphers && typeof options.ciphers !== 'string') {
     throw new ERR_INVALID_ARG_TYPE(
       'options.ciphers', 'string', options.ciphers);