MEDIUM: ssl: set FIPS-approved sigalgs defaults for AWS-LC FIPS builds
When AWS-LC is built in FIPS mode, unconditionally override the
compile-time signature algorithm defaults with the FIPS-approved set
before config parsing. Explicit ssl-default-{bind,server}-sigalgs
keywords in the global section still take precedence over these
defaults.
The approved set is defined as macros in include/haproxy/defaults.h
alongside the existing CONNECT/LISTEN_DEFAULT_FIPS_CIPHERS family:
  CONNECT/LISTEN_DEFAULT_FIPS_SIGALGS - ECDSA (P-256/384/521), RSA-PSS
    and RSA-PKCS1 with SHA-256/384/512
  CONNECT/LISTEN_DEFAULT_FIPS_CLIENT_SIGALGS - same set for client
    certificate sigalgs
SHA-1 based algorithms and non-FIPS primitives (ed25519, ed448) are
excluded from the defaults.
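
Because explicit ssl-default-{bind,server}-sigalgs keywords still take precedence over the FIPS defaults, an operator may want to check existing configurations for overrides that reintroduce excluded algorithms. The following is an added example, not part of this commit or of HAProxy: the allow-list is built from the description above rather than from the macros in include/haproxy/defaults.h, the "-client" keyword variants are assumed, and the sample configuration is constructed.

```python
import re

# Keywords of the form named in the commit message, ssl-default-{bind,server}-sigalgs;
# the optional "-client" variants are an assumption of this example.
KEYWORD = re.compile(r"^\s*(ssl-default-(?:bind|server)(?:-client)?-sigalgs)\s+(\S+)")

# Allow-list built from the commit message's description (ECDSA P-256/384/521,
# RSA-PSS, RSA-PKCS1, each with SHA-256/384/512). It is NOT copied from the
# macros in include/haproxy/defaults.h, which the message does not quote.
APPROVED = re.compile(
    r"^(?:(?:ecdsa|rsa|rsa-pss)\+sha(?:256|384|512)"
    r"|ecdsa_secp(?:256r1_sha256|384r1_sha384|521r1_sha512)"
    r"|rsa_pss_(?:rsae|pss)_sha(?:256|384|512)"
    r"|rsa_pkcs1_sha(?:256|384|512))$"
)

def classify(entry):
    """Return None if the entry fits the described set, else a reason string."""
    name = entry.lower()
    if APPROVED.match(name):
        return None
    if "sha1" in name:
        return "SHA-1 based"
    if name in ("ed25519", "ed448"):
        return "non-FIPS primitive"
    return "outside the described set"

def audit(config_text):
    """Return a list of (line_no, keyword, entry, reason) for flagged entries."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = KEYWORD.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        for entry in filter(None, m.group(2).split(":")):
            reason = classify(entry)
            if reason:
                findings.append((line_no, m.group(1), entry, reason))
    return findings

# Constructed sample configuration, not taken from the commit.
SAMPLE = """\
global
    ssl-default-bind-sigalgs ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA1:ed25519
    ssl-default-server-sigalgs rsa_pss_rsae_sha384:ecdsa_secp384r1_sha384
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s: %s (%s)" % finding)
```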