Files · d8ce141dde36c7781a5c43356feb403550cc47ec · go / golang

crypto/tls: fix client certificates support for legacy servers · d8ce141d

Filippo Valsorda authored Nov 29, 2018

signatureSchemesForCertificate was written to be used with TLS 1.3, but
ended up used for TLS 1.2 client certificates in a refactor. Since it
only supported TLS 1.3 signature algorithms, it would lead to no RSA
client certificates being sent to servers that didn't support RSA-PSS.

TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this,
but alas the OpenSSL flag -verify accepts an empty certificates list as
valid, as opposed to -Verify...

Fixes #28925

Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93
Reviewed-on: https://go-review.googlesource.com/c/151660
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

d8ce141d

Name	Last commit	Last update
.github		Loading commit data...
api		Loading commit data...
doc		Loading commit data...
lib/time		Loading commit data...
misc		Loading commit data...
src		Loading commit data...
test		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
AUTHORS		Loading commit data...
CONTRIBUTING.md		Loading commit data...
CONTRIBUTORS		Loading commit data...
LICENSE		Loading commit data...
PATENTS		Loading commit data...
README.md		Loading commit data...
favicon.ico		Loading commit data...
robots.txt		Loading commit data...

README.md