commit | 2424d84dd6dbdc0d32a4c80e6810d168f722ce0b | [log] [tgz] |
---|---|---|
author | Robert Sloan <varomodt@google.com> | Mon May 01 07:46:28 2017 -0700 |
committer | Robert Sloan <varomodt@google.com> | Mon May 01 07:46:37 2017 -0700 |
tree | 8727f96cb5c16125aa208b34cea46fe26473dcb1 | |
parent | 9254e681d446a8105bd66f08bae1252d4d89a139 [diff] [blame] |
external/boringssl: Sync to 58e449904e248f34bdfc2be7a609c58bcb0257b7. This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2c1523733a71166943e52da11ac2eae82b0227b8..58e449904e248f34bdfc2be7a609c58bcb0257b7 Test: BoringSSL CTS Presubmits Change-Id: I1a825139c8c7076d09b8a3acc5f09a547a7cbe0d
diff --git a/src/ssl/handshake_server.c b/src/ssl/handshake_server.c index 63027d6..4eaf3cb 100644 --- a/src/ssl/handshake_server.c +++ b/src/ssl/handshake_server.c
@@ -1722,11 +1722,8 @@ goto f_err; } hs->new_session->peer_signature_algorithm = signature_algorithm; - } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) { - signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1; - } else if (hs->peer_pubkey->type == EVP_PKEY_EC) { - signature_algorithm = SSL_SIGN_ECDSA_SHA1; - } else { + } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm, + hs->peer_pubkey)) { al = SSL_AD_UNSUPPORTED_CERTIFICATE; OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); goto f_err;