From 3d61c38ea0e5b4584672f6b33fb75b4176f0bc01 Mon Sep 17 00:00:00 2001
From: Viktor Sokolovskiy <maokaman@gmail.com>
Date: Fri, 17 Apr 2026 17:11:12 +0300
Subject: [PATCH] ssl: add TLS 1.2 RSA-PSS debug trace

Signed-off-by: Viktor Sokolovskiy <maokaman@gmail.com>
---
 library/ssl_tls12_client.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index ddd2ad6e44..6d4b0f2149 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1779,14 +1779,17 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl,
 #if defined(PSA_WANT_ALG_RSA_PSS)
 #if defined(PSA_WANT_ALG_SHA_256)
             case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-                break;
 #endif
 #if defined(PSA_WANT_ALG_SHA_384)
             case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
-                break;
 #endif
 #if defined(PSA_WANT_ALG_SHA_512)
             case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+#endif
+#if defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA_512)
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("Accepting TLS 1.2 RSA-PSS signature algorithm %s via compatibility exception",
+                                       mbedtls_ssl_sig_alg_to_str(sig_alg)));
                 break;
 #endif
 #endif /* PSA_WANT_ALG_RSA_PSS */