| 2237 | |
| 2238 | impl ResolvesServerCert for MultiCertResolver { |
| 2239 | fn resolve(&self, client_hello: rustls::server::ClientHello<'_>) -> Option<Arc<CertifiedKey>> { |
| 2240 | // Get the signature schemes supported by the client |
| 2241 | let client_schemes = client_hello.signature_schemes(); |
| 2242 | |
| 2243 | // Try to find a certificate that matches the client's signature schemes |
| 2244 | for cert_key in &self.cert_keys { |
| 2245 | // Check if this certificate's signing key is compatible with any of the |
| 2246 | // client's supported signature schemes |
| 2247 | if let Some(_scheme) = cert_key.key.choose_scheme(client_schemes) { |
| 2248 | return Some(cert_key.clone()); |
| 2249 | } |
| 2250 | } |
| 2251 | |
| 2252 | // If no perfect match, return the first certificate as fallback |
| 2253 | // (This matches OpenSSL's behavior of using the first loaded cert if negotiation fails) |
| 2254 | self.cert_keys.first().cloned() |
| 2255 | } |
| 2256 | } |
| 2257 | |
| 2258 | // Helper Functions for OpenSSL Compatibility: |