diff options
Diffstat (limited to 'src/crypto/tls/handshake_client.go')
-rw-r--r-- | src/crypto/tls/handshake_client.go | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index 7bf0f84417..de19b7ede5 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -34,6 +34,8 @@ type clientHandshakeState struct { session *ClientSessionState } +var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme + func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) { config := c.config if len(config.ServerName) == 0 && !config.InsecureSkipVerify { @@ -859,13 +861,14 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error { if !c.config.InsecureSkipVerify { opts := x509.VerifyOptions{ - IsBoring: isBoringCertificate, - Roots: c.config.RootCAs, CurrentTime: c.config.time(), DNSName: c.config.ServerName, Intermediates: x509.NewCertPool(), } + if needFIPS() { + opts.IsBoring = isBoringCertificate + } for _, cert := range certs[1:] { opts.Intermediates.AddCert(cert) } |