authorJack Lloyd <[email protected]>2016-01-06 19:36:07 -0500
committerJack Lloyd <[email protected]>2016-03-06 05:43:56 -0500
commit2f7225c5f56feab172978a0182ac27c20b02c080 (patch)
tree58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_messages.h
parent027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff)
Check that TLS signature type is accepted by the policy.
Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
Diffstat (limited to 'src/lib/tls/tls_messages.h')
-rw-r--r--src/lib/tls/tls_messages.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 00033826f..3bee89e13 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -395,7 +395,8 @@ class Certificate_Verify final : public Handshake_Message
* @param state the handshake state
*/
bool verify(const X509_Certificate& cert,
- const Handshake_State& state) const;
+ const Handshake_State& state,
+ const Policy& policy) const;
Certificate_Verify(Handshake_IO& io,
Handshake_State& state,
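Review bot: The doc comment above `Certificate_Verify::verify` ends at `@param state` in this hunk, so the new `policy` argument is undocumented. I would add `* @param policy the TLS policy the peer's signature hash and algorithm must be accepted by`. The declaration also does not say whether a policy rejection is reported as a `false` return or as an exception, and the implementation is not part of this diff. A `@return` line stating that would tell callers what they must treat as a handshake failure. The same applies to `Server_Key_Exchange::verify` in the second hunk, which shows no doc comment at all; both class bodies continue outside the hunks.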
@@ -463,7 +464,8 @@ class Server_Key_Exchange final : public Handshake_Message
const std::vector<byte>& params() const { return m_params; }
bool verify(const Public_Key& server_key,
- const Handshake_State& state) const;
+ const Handshake_State& state,
+ const Policy& policy) const;
// Only valid for certain kex types
const Private_Key& server_kex_key() const;