diff options
author | Russ Cox <rsc@golang.org> | 2022-04-27 09:02:52 -0400 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2022-04-29 14:23:22 +0000 |
commit | f4c0f42f99476ed1621527f04364610ed2acf6bb (patch) | |
tree | 1c77f982420449676b017f055dad47a7f3a01339 /src/crypto/tls/handshake_client.go | |
parent | 1f0547c4ec4fe18d46192d8c670190111b1d3d79 (diff) | |
download | go-f4c0f42f99476ed1621527f04364610ed2acf6bb.tar.gz go-f4c0f42f99476ed1621527f04364610ed2acf6bb.zip |
[dev.boringcrypto] all: add boringcrypto build tags
A plain make.bash in this tree will produce a working,
standard Go toolchain, not a BoringCrypto-enabled one.
The BoringCrypto-enabled one will be created with:
GOEXPERIMENT=boringcrypto ./make.bash
For #51940.
Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/395881
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Diffstat (limited to 'src/crypto/tls/handshake_client.go')
-rw-r--r-- | src/crypto/tls/handshake_client.go | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index 7bf0f84417c..de19b7ede57 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -34,6 +34,8 @@ type clientHandshakeState struct { session *ClientSessionState } +var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme + func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) { config := c.config if len(config.ServerName) == 0 && !config.InsecureSkipVerify { @@ -859,13 +861,14 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error { if !c.config.InsecureSkipVerify { opts := x509.VerifyOptions{ - IsBoring: isBoringCertificate, - Roots: c.config.RootCAs, CurrentTime: c.config.time(), DNSName: c.config.ServerName, Intermediates: x509.NewCertPool(), } + if needFIPS() { + opts.IsBoring = isBoringCertificate + } for _, cert := range certs[1:] { opts.Intermediates.AddCert(cert) } |