Check that TLS signature type is accepted by the policy.

Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
author: Jack Lloyd <[email protected]> 2016-01-06 19:36:07 -0500
committer: Jack Lloyd <[email protected]> 2016-03-06 05:43:56 -0500
commit: 2f7225c5f56feab172978a0182ac27c20b02c080 (patch)
tree: 58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_handshake_state.h
parent: 027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h
index 6260b090f..2943a8637 100644
--- a/src/lib/tls/tls_handshake_state.h
+++ b/src/lib/tls/tls_handshake_state.h
@@ -80,9 +80,11 @@ class Handshake_State
       std::vector<byte> session_ticket() const;
 
       std::pair<std::string, Signature_Format>
-         understand_sig_format(const Public_Key& key,
-                               std::string hash_algo,
-                               std::string sig_algo) const;
+         parse_sig_format(const Public_Key& key,
+                          const std::string& hash_algo,
+                          const std::string& sig_algo,
+                          bool for_client_auth,
+                          const Policy& policy) const;
 
       std::pair<std::string, Signature_Format>
          choose_sig_format(const Private_Key& key,
author	Jack Lloyd <[email protected]>	2016-01-06 19:36:07 -0500
committer	Jack Lloyd <[email protected]>	2016-03-06 05:43:56 -0500
commit	2f7225c5f56feab172978a0182ac27c20b02c080 (patch)
tree	58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_handshake_state.h
parent	027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff)