• Filippo Valsorda's avatar
    crypto/tls: fix client certificates support for legacy servers · d8ce141d
    Filippo Valsorda authored
    signatureSchemesForCertificate was written to be used with TLS 1.3, but
    ended up used for TLS 1.2 client certificates in a refactor. Since it
    only supported TLS 1.3 signature algorithms, it would lead to no RSA
    client certificates being sent to servers that didn't support RSA-PSS.
    
    TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this,
    but alas the OpenSSL flag -verify accepts an empty certificates list as
    valid, as opposed to -Verify...
    
    Fixes #28925
    
    Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93
    Reviewed-on: https://go-review.googlesource.com/c/151660
    Run-TryBot: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: 's avatarAdam Langley <agl@golang.org>
    d8ce141d
Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 10.1 KB