Diffstat (limited to 'src/crypto/tls/handshake_server.go')
-rw-r--r-- | src/crypto/tls/handshake_server.go | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index ac491bad39..f2ad2262f0 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -419,7 +419,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 }
 if c.vers >= VersionTLS12 {
 certReq.hasSignatureAndHash = true
- certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+ certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 }
 // An empty list of certificateAuthorities signals to
@@ -520,7 +520,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 }
 // Determine the signature type.
- _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms, c.vers)
+ _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms(), c.vers)
 if err != nil {
 c.sendAlert(alertIllegalParameter)
 return err
@@ -678,6 +678,8 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
 if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
 opts := x509.VerifyOptions{
+ IsBoring: isBoringCertificate,
+
 Roots: c.config.ClientCAs,
 CurrentTime: c.config.time(),
 Intermediates: x509.NewCertPool(), |
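Review bot: The list advertised in the CertificateRequest (hunk at -419) and the list used to check the client's CertificateVerify (hunk at -520) now come from two separate calls to `supportedSignatureAlgorithms()`, so nothing in these hunks ties the enforced list to the one that was sent. The function's definition is not part of this diff; if its result can change at run time (for example through a mode switch), a single handshake could advertise one set and enforce another. If it is meant to be stable for the life of the process, a comment at the second call would record that, e.g. `// Must match the list sent in the CertificateRequest; supportedSignatureAlgorithms() is not expected to change mid-handshake.` Otherwise the value sent should be kept on the handshake state and reused for the check. Both hunks are inside doFullHandshake, whose body starts and ends outside them.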
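Review bot: `IsBoring: isBoringCertificate` takes effect only inside the `c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0` branch, so a server configured with `RequestClientCert` or `RequireAnyClientCert` builds no chain and the new restriction is never applied to the certificate it accepts. Whether the leaf key is constrained elsewhere is not visible here, since processCertsFromClient continues outside the hunk. The field deserves a comment stating that scope, e.g. `// IsBoring restricts verified chains only; with RequestClientCert or RequireAnyClientCert no chain is built and no restriction applies.` A test that presents a chain rejected by `isBoringCertificate` under each ClientAuth setting would pin down the intended behaviour.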