[dev.boringcrypto] all: merge master (2f0da6d) into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_client.go

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index e684b21d527223e850e8a74d802e9ac0521e9753..94747a7c4109a8c22e923747c79e7a72ee12b21d 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -113,7 +113,10 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
        }
 
        if hello.vers >= VersionTLS12 {
-               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+       }
+       if testingOnlyForceClientHelloSignatureAlgorithms != nil {
+               hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
        }
 
        var params ecdheParameters
@@ -835,6 +838,8 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 
        if !c.config.InsecureSkipVerify {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.RootCAs,
                        CurrentTime:   c.config.time(),
                        DNSName:       c.config.ServerName,