[dev.boringcrypto] all: merge master into dev.boringcrypto
[gostls13.git] / src / crypto / tls / handshake_client.go
index ed000eb6192a06b948d1b35f4bfbdeca05150a2c..1ff342214824fb7465177ab76db14c3096996b53 100644 (file)
@@ -114,7 +114,10 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
        }
 
        if hello.vers >= VersionTLS12 {
-               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+               hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+       }
+       if testingOnlyForceClientHelloSignatureAlgorithms != nil {
+               hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
        }
 
        var params ecdheParameters
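Review bot: The `testingOnlyForceClientHelloSignatureAlgorithms` override is placed after and outside the `if hello.vers >= VersionTLS12` guard, so whenever it is non-nil it replaces whatever `supportedSignatureAlgorithms()` returned and also sets the field on a pre-TLS 1.2 hello. It appears to be a mutable package-level hook living in non-test code (its declaration is not visible in this hunk), so the use site should say so, e.g. `// Test hook: must stay nil outside tests; overrides the supportedSignatureAlgorithms() list and is not subject to the version guard above.` If bypassing the version guard is not intended, move the override inside the TLS 1.2 branch. makeClientHello begins and ends outside this hunk.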
@@ -573,7 +576,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
                        return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
                }
 
-               signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, c.vers)
+               signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12(), c.vers)
                if err != nil {
                        c.sendAlert(alertInternalError)
                        return err
@@ -822,6 +825,8 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 
        if !c.config.InsecureSkipVerify {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.RootCAs,
                        CurrentTime:   c.config.time(),
                        DNSName:       c.config.ServerName,
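Review bot: `IsBoring: isBoringCertificate` is only attached to the `x509.VerifyOptions` built under `if !c.config.InsecureSkipVerify`, so a config that sets InsecureSkipVerify skips the certificate restriction together with chain verification. If the restricted mode is meant to constrain server certificates regardless of that setting, it needs a separate check outside this branch. Otherwise the limitation should be stated at the field: `// IsBoring is enforced only on the verified path; InsecureSkipVerify disables it as well.` isBoringCertificate is defined elsewhere, so whether it is a no-op when the restricted mode is off cannot be confirmed from this hunk. verifyServerCertificate's body continues past the last line shown.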