src/crypto/tls/testdata · 9eb383e8f0be692df68ac6cbc3c9f1ccf991d342 · go / golang

crypto/tls: fix client certificates support for legacy servers · d8ce141d

Filippo Valsorda authored Nov 29, 2018

signatureSchemesForCertificate was written to be used with TLS 1.3, but
ended up used for TLS 1.2 client certificates in a refactor. Since it
only supported TLS 1.3 signature algorithms, it would lead to no RSA
client certificates being sent to servers that didn't support RSA-PSS.

TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this,
but alas the OpenSSL flag -verify accepts an empty certificates list as
valid, as opposed to -Verify...

Fixes #28925

Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93
Reviewed-on: https://go-review.googlesource.com/c/151660
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

d8ce141d

Name	Last commit	Last update
..
Client-TLSv10-ClientCert-ECDSA-ECDSA		Loading commit data...
Client-TLSv10-ClientCert-ECDSA-RSA		Loading commit data...
Client-TLSv10-ClientCert-RSA-ECDSA		Loading commit data...
Client-TLSv10-ClientCert-RSA-RSA		Loading commit data...
Client-TLSv10-ECDHE-ECDSA-AES		Loading commit data...
Client-TLSv10-ECDHE-RSA-AES		Loading commit data...
Client-TLSv10-ExportKeyingMaterial		Loading commit data...
Client-TLSv10-RSA-RC4		Loading commit data...
Client-TLSv11-ECDHE-ECDSA-AES		Loading commit data...
Client-TLSv11-ECDHE-RSA-AES		Loading commit data...
Client-TLSv11-RSA-RC4		Loading commit data...
Client-TLSv12-AES128-GCM-SHA256		Loading commit data...
Client-TLSv12-AES128-SHA256		Loading commit data...
Client-TLSv12-AES256-GCM-SHA384		Loading commit data...
Client-TLSv12-ALPN		Loading commit data...
Client-TLSv12-ALPN-NoMatch		Loading commit data...
Client-TLSv12-ClientCert-ECDSA-ECDSA		Loading commit data...
Client-TLSv12-ClientCert-ECDSA-RSA		Loading commit data...
Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384		Loading commit data...
Client-TLSv12-ClientCert-RSA-ECDSA		Loading commit data...
Client-TLSv12-ClientCert-RSA-RSA		Loading commit data...
Client-TLSv12-ClientCert-RSA-RSAPKCS1v15		Loading commit data...
Client-TLSv12-ClientCert-RSA-RSAPSS		Loading commit data...
Client-TLSv12-ECDHE-ECDSA-AES		Loading commit data...
Client-TLSv12-ECDHE-ECDSA-AES-GCM		Loading commit data...
Client-TLSv12-ECDHE-ECDSA-AES128-SHA256		Loading commit data...
Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384		Loading commit data...
Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305		Loading commit data...
Client-TLSv12-ECDHE-RSA-AES		Loading commit data...
Client-TLSv12-ECDHE-RSA-AES128-SHA256		Loading commit data...
Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305		Loading commit data...
Client-TLSv12-ExportKeyingMaterial		Loading commit data...
Client-TLSv12-P256-ECDHE		Loading commit data...
Client-TLSv12-RSA-RC4		Loading commit data...
Client-TLSv12-RenegotiateOnce		Loading commit data...
Client-TLSv12-RenegotiateTwice		Loading commit data...
Client-TLSv12-RenegotiateTwiceRejected		Loading commit data...
Client-TLSv12-RenegotiationRejected		Loading commit data...
Client-TLSv12-SCT		Loading commit data...
Client-TLSv12-X25519-ECDHE		Loading commit data...
Client-TLSv13-AES128-SHA256		Loading commit data...
Client-TLSv13-AES256-SHA384		Loading commit data...
Client-TLSv13-ALPN		Loading commit data...
Client-TLSv13-CHACHA20-SHA256		Loading commit data...
Client-TLSv13-ClientCert-ECDSA-RSA		Loading commit data...
Client-TLSv13-ClientCert-RSA-ECDSA		Loading commit data...
Client-TLSv13-ClientCert-RSA-RSAPSS		Loading commit data...
Client-TLSv13-ECDSA		Loading commit data...
Client-TLSv13-ExportKeyingMaterial		Loading commit data...
Client-TLSv13-HelloRetryRequest		Loading commit data...
Client-TLSv13-KeyUpdate		Loading commit data...
Client-TLSv13-P256-ECDHE		Loading commit data...
Client-TLSv13-X25519-ECDHE		Loading commit data...
Server-SSLv3-RSA-3DES		Loading commit data...
Server-SSLv3-RSA-AES		Loading commit data...
Server-SSLv3-RSA-RC4		Loading commit data...
Server-TLSv10-ECDHE-ECDSA-AES		Loading commit data...
Server-TLSv10-ExportKeyingMaterial		Loading commit data...
Server-TLSv10-RSA-3DES		Loading commit data...
Server-TLSv10-RSA-AES		Loading commit data...
Server-TLSv10-RSA-RC4		Loading commit data...
Server-TLSv11-FallbackSCSV		Loading commit data...
Server-TLSv11-RSA-RC4		Loading commit data...
Server-TLSv12-ALPN		Loading commit data...
Server-TLSv12-ALPN-NoMatch		Loading commit data...
Server-TLSv12-CipherSuiteCertPreferenceECDSA		Loading commit data...
Server-TLSv12-CipherSuiteCertPreferenceRSA		Loading commit data...
Server-TLSv12-ClientAuthRequestedAndECDSAGiven		Loading commit data...
Server-TLSv12-ClientAuthRequestedAndGiven		Loading commit data...
Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given		Loading commit data...
Server-TLSv12-ClientAuthRequestedNotGiven		Loading commit data...
Server-TLSv12-ECDHE-ECDSA-AES		Loading commit data...
Server-TLSv12-ExportKeyingMaterial		Loading commit data...
Server-TLSv12-IssueTicket		Loading commit data...
Server-TLSv12-IssueTicketPreDisable		Loading commit data...
Server-TLSv12-P256		Loading commit data...
Server-TLSv12-RSA-3DES		Loading commit data...
Server-TLSv12-RSA-AES		Loading commit data...
Server-TLSv12-RSA-AES-GCM		Loading commit data...
Server-TLSv12-RSA-AES256-GCM-SHA384		Loading commit data...
Server-TLSv12-RSA-RC4		Loading commit data...
Server-TLSv12-RSA-RSAPKCS1v15		Loading commit data...
Server-TLSv12-RSA-RSAPSS		Loading commit data...
Server-TLSv12-Resume		Loading commit data...
Server-TLSv12-ResumeDisabled		Loading commit data...
Server-TLSv12-SNI		Loading commit data...
Server-TLSv12-SNI-GetCertificate		Loading commit data...
Server-TLSv12-SNI-GetCertificateNotFound		Loading commit data...
Server-TLSv12-X25519		Loading commit data...
Server-TLSv13-AES128-SHA256		Loading commit data...
Server-TLSv13-AES256-SHA384		Loading commit data...
Server-TLSv13-ALPN		Loading commit data...
Server-TLSv13-ALPN-NoMatch		Loading commit data...
Server-TLSv13-CHACHA20-SHA256		Loading commit data...
Server-TLSv13-ClientAuthRequestedAndECDSAGiven		Loading commit data...
Server-TLSv13-ClientAuthRequestedAndGiven		Loading commit data...
Server-TLSv13-ClientAuthRequestedNotGiven		Loading commit data...
Server-TLSv13-ECDHE-ECDSA-AES		Loading commit data...
Server-TLSv13-ExportKeyingMaterial		Loading commit data...
Server-TLSv13-HelloRetryRequest		Loading commit data...
Server-TLSv13-IssueTicket		Loading commit data...
Server-TLSv13-IssueTicketPreDisable		Loading commit data...
Server-TLSv13-P256		Loading commit data...
Server-TLSv13-RSA-RSAPSS		Loading commit data...
Server-TLSv13-Resume		Loading commit data...
Server-TLSv13-Resume-HelloRetryRequest		Loading commit data...
Server-TLSv13-ResumeDisabled		Loading commit data...
Server-TLSv13-X25519		Loading commit data...
example-cert.pem		Loading commit data...
example-key.pem		Loading commit data...