[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_server.go

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index a3d8848caf9c354b69b7360ba626fe8ed8ce69c4..366c19a0f5bdb0f4fc3746f016b85e79e01db439 100644 (file)
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -467,7 +467,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
                }
                if c.vers >= VersionTLS12 {
                        certReq.hasSignatureAlgorithm = true
-                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12
+                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12()
                }
 
                // An empty list of certificateAuthorities signals to
@@ -727,6 +727,8 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
        if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.ClientCAs,
                        CurrentTime:   c.config.time(),
                        Intermediates: x509.NewCertPool(),