diff options
Diffstat (limited to 'src/crypto/tls/handshake_server.go')
-rw-r--r-- | src/crypto/tls/handshake_server.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go index 5db605681e..2d71d0869a 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go @@ -812,13 +812,14 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error { if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 { opts := x509.VerifyOptions{ - IsBoring: isBoringCertificate, - Roots: c.config.ClientCAs, CurrentTime: c.config.time(), Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, } + if needFIPS() { + opts.IsBoring = isBoringCertificate + } for _, cert := range certs[1:] { opts.Intermediates.AddCert(cert) |