Cypherpunks.ru repositories - gostls13.git/commit

author	Filippo Valsorda <hi@filippo.io>
	Thu, 29 Nov 2018 06:38:07 +0000 (01:38 -0500)
committer	Filippo Valsorda <filippo@golang.org>
	Fri, 30 Nov 2018 19:10:38 +0000 (19:10 +0000)
commit	d8ce141dde36c7781a5c43356feb403550cc47ec
tree	e2949c7489135bee4a16d0592ebf5399e2182da2	tree
parent	90812292e25796f8411f625c062cfc2e2b4bdf5e	commit \| diff

crypto/tls: fix client certificates support for legacy servers

signatureSchemesForCertificate was written to be used with TLS 1.3, but
ended up used for TLS 1.2 client certificates in a refactor. Since it
only supported TLS 1.3 signature algorithms, it would lead to no RSA
client certificates being sent to servers that didn't support RSA-PSS.

TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this,
but alas the OpenSSL flag -verify accepts an empty certificates list as
valid, as opposed to -Verify...

Fixes #28925

Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93
Reviewed-on: https://go-review.googlesource.com/c/151660
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

src/crypto/tls/auth.go		diff \| blob \| history
src/crypto/tls/common.go		diff \| blob \| history
src/crypto/tls/handshake_client.go		diff \| blob \| history
src/crypto/tls/handshake_client_test.go		diff \| blob \| history
src/crypto/tls/handshake_client_tls13.go		diff \| blob \| history
src/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/crypto/tls/handshake_server_tls13.go		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15		diff \| blob \| history