[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_server.go

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 33325e55797bee9d95e9b766525a5e047af00a18..c2d605928d8c3337df53c1d393975a5648dab99e 100644 (file)
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -488,7 +488,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
                }
                if c.vers >= VersionTLS12 {
                        certReq.hasSignatureAlgorithm = true
-                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12
+                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12()
                }
 
                // An empty list of certificateAuthorities signals to
@@ -743,6 +743,8 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
        if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.ClientCAs,
                        CurrentTime:   c.config.time(),
                        Intermediates: x509.NewCertPool(),