commit 2424d84dd6dbdc0d32a4c80e6810d168f722ce0b
author Robert Sloan <varomodt@google.com> Mon May 01 07:46:28 2017 -0700
committer Robert Sloan <varomodt@google.com> Mon May 01 07:46:37 2017 -0700
tree 8727f96cb5c16125aa208b34cea46fe26473dcb1
parent 9254e681d446a8105bd66f08bae1252d4d89a139

external/boringssl: Sync to 58e449904e248f34bdfc2be7a609c58bcb0257b7.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/2c1523733a71166943e52da11ac2eae82b0227b8..58e449904e248f34bdfc2be7a609c58bcb0257b7

Test: BoringSSL CTS Presubmits
Change-Id: I1a825139c8c7076d09b8a3acc5f09a547a7cbe0d

src/ssl/handshake_server.c

diff --git a/src/ssl/handshake_server.c b/src/ssl/handshake_server.c
index 63027d6..4eaf3cb 100644
--- a/src/ssl/handshake_server.c
+++ b/src/ssl/handshake_server.c
@@ -1722,11 +1722,8 @@
       goto f_err;
     }
     hs->new_session->peer_signature_algorithm = signature_algorithm;
-  } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
-    signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-  } else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
-    signature_algorithm = SSL_SIGN_ECDSA_SHA1;
-  } else {
+  } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
+                                                  hs->peer_pubkey)) {
     al = SSL_AD_UNSUPPORTED_CERTIFICATE;
     OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
     goto f_err;