• Joël Stemmer's avatar
    crypto/tls: return correct hash function when using client certificates in handshake · ebe3d693
    Joël Stemmer authored
    Commit f1d669ae added support for
    AES_256_GCM_SHA384 cipher suites as specified in RFC5289. However, it
    did not take the arbitrary hash function into account in the TLS client
    handshake when using client certificates.
    
    The hashForClientCertificate method always returned SHA256 as its
    hashing function, even if it actually used a different one to calculate
    its digest. Setting up the connection would eventually fail with the
    error "tls: failed to sign handshake with client certificate:
    crypto/rsa: input must be hashed message".
    
    Included is an additional test for this specific situation that uses the
    SHA384 hash.
    
    Fixes #9808
    
    Change-Id: Iccbf4ab225633471ef897907c208ad31f92855a3
    Reviewed-on: https://go-review.googlesource.com/7040Reviewed-by: 's avatarAdam Langley <agl@golang.org>
    Run-TryBot: Adam Langley <agl@golang.org>
    ebe3d693
Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 10.4 KB