author Benjamin Kaduk <bkaduk@akamai.com> 2018-01-18 06:21:19 +0100
committer Benjamin Kaduk <bkaduk@akamai.com> 2018-01-25 19:55:24 +0100
commit a6419d1ed873a94bce99ae2b880885b8780d6eb9
tree 657834e151b255521eba7e3f0e4ca9432e822105 /doc/man3/SSL_CTX_set1_sigalgs.pod
parent Propagate TLS 1.3 sigalgs through tls1_set_sigalgs()
Update documentation for SSL_set1_sigalgs()

These functions can now take both "sig+hash" strings and algorithm-specific identifiers like "rsa_pss_pss_sha256" that indicate a particular entry from the TLS signature algorithm registry.

Also clarify that only the "_list" form allows for the new-style names (the non-"list" interfaces take sig and hash NIDs, which cannot access all of the new-style schemes).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)
Diffstat (limited to 'doc/man3/SSL_CTX_set1_sigalgs.pod')
-rw-r--r-- doc/man3/SSL_CTX_set1_sigalgs.pod 8
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod
index 40c4211257..a634eb8821 100644
--- a/doc/man3/SSL_CTX_set1_sigalgs.pod
+++ b/doc/man3/SSL_CTX_set1_sigalgs.pod
@@ -30,8 +30,10 @@ algorithms.
SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported
signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
-must be a null terminated string consisting or a colon separated list of
-public key algorithms and digests separated by B<+>.
+must be a null terminated string consisting of a colon separated list of
+elements, where each element is either a combination of a public key
+algorithm and a digest separated by B<+>, or a TLS 1.3-style named
+SignatureScheme such as rsa_pss_pss_sha256.
SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(),
SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set
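Review bot: The example name in the added line "SignatureScheme such as rsa_pss_pss_sha256." is bare, while the NOTES text in the next hunk quotes its example as "rsa_pss_sha256", and the two names differ. Quote the name here for consistency and confirm that both spellings are accepted by the parser, or use the same example in both places so a reader does not copy a name that fails to parse. It would also help to state in this paragraph that the two element forms can be mixed within one colon separated list, if that is the intended behaviour, since the new wording leaves it implicit.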
@@ -77,7 +79,7 @@ example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and
the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".
The TLS 1.3 signature scheme names (such as "rsa_pss_sha256") can also
-be used.
+be used with the B<_list> forms of the API.
The use of MD5 as a digest is strongly discouraged due to security weaknesses.
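Review bot: The new sentence "be used with the B<_list> forms of the API." restricts the scheme names to the list functions but does not say why, or what a caller of the non-list functions should do instead. The commit message gives the reason (those interfaces take sig and hash NIDs, which cannot express all of the new-style schemes); consider adding a short clause to that effect here so the limitation is documented in the man page and not only in the commit log.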