aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/tls/handshake_server.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/tls/handshake_server.go')
-rw-r--r--src/crypto/tls/handshake_server.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index ac491bad39..f2ad2262f0 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -419,7 +419,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
}
if c.vers >= VersionTLS12 {
certReq.hasSignatureAndHash = true
- certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+ certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
}
// An empty list of certificateAuthorities signals to
@@ -520,7 +520,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
}
// Determine the signature type.
- _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms, c.vers)
+ _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms(), c.vers)
if err != nil {
c.sendAlert(alertIllegalParameter)
return err
@@ -678,6 +678,8 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
opts := x509.VerifyOptions{
+ IsBoring: isBoringCertificate,
+
Roots: c.config.ClientCAs,
CurrentTime: c.config.time(),
Intermediates: x509.NewCertPool(),
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion