[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_client.go

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 31bd069bbcd7c6ef08255e3bac2b4abd097b335c..b8d6e932648e719bb395268fab548d27b980e32b 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -113,7 +113,10 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
        }
 
        if hello.vers >= VersionTLS12 {
-               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+       }
+       if testingOnlyForceClientHelloSignatureAlgorithms != nil {
+               hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
        }
 
        var params ecdheParameters
@@ -821,6 +824,8 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 
        if !c.config.InsecureSkipVerify {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.RootCAs,
                        CurrentTime:   c.config.time(),
                        DNSName:       c.config.ServerName,