Check that TLS signature type is accepted by the policy.

Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
author: Jack Lloyd <[email protected]> 2016-01-06 19:36:07 -0500
committer: Jack Lloyd <[email protected]> 2016-03-06 05:43:56 -0500
commit: 2f7225c5f56feab172978a0182ac27c20b02c080 (patch)
tree: 58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_client.cpp
parent: 027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 3a219ccff..301c77c6b 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -394,7 +394,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          {
          const Public_Key& server_key = state.get_server_public_Key();
 
-         if(!state.server_kex()->verify(server_key, state))
+         if(!state.server_kex()->verify(server_key, state, policy()))
             {
             throw TLS_Exception(Alert::DECRYPT_ERROR,
                                 "Bad signature on server key exchange");
author	Jack Lloyd <[email protected]>	2016-01-06 19:36:07 -0500
committer	Jack Lloyd <[email protected]>	2016-03-06 05:43:56 -0500
commit	2f7225c5f56feab172978a0182ac27c20b02c080 (patch)
tree	58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_client.cpp
parent	027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff)