github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	David Benjamin <davidben@google.com>	2016-08-01 19:12:47 +0300
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	2016-08-01 22:47:26 +0300
commit	489016550997ba53185658d501d972517a1b79b5 (patch)
tree	696a9665c2a996128a59a32d2f6434fdd9120ee6 /include/openssl
parent	0c40a96455b0f720267b9eeb47704c85ee883121 (diff)

Empty signature algorithms in TLS 1.3 CertificateRequest is illegal.

In TLS 1.2, this was allowed to be empty for the weird SHA-1 fallback logic. In TLS 1.3, not only is the fallback logic gone, but omitting them is a syntactic error. struct { opaque certificate_request_context<0..2^8-1>; SignatureScheme supported_signature_algorithms<2..2^16-2>; DistinguishedName certificate_authorities<0..2^16-1>; CertificateExtension certificate_extensions<0..2^16-1>; } CertificateRequest; Thanks to Eric Rescorla for pointing this out. Change-Id: I4991e59bc4647bb665aaf920ed4836191cea3a5a Reviewed-on: https://boringssl-review.googlesource.com/9062 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

Diffstat (limited to 'include/openssl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: