diff options
author | Jack Lloyd <[email protected]> | 2017-08-31 19:09:22 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-31 19:20:10 -0400 |
commit | d42bbd3540f09dd154123e97032f5bfc0b110c4e (patch) | |
tree | 0f3676a25963544b06d7c6c339f9828d95f36363 /src/lib/tls/tls_policy.cpp | |
parent | c53cfda7b5e2f57927041c67be9db10b18b2ba8a (diff) |
Enforce signature hash policy properly
Previously if the client did not send signature_algorithms, or if
it only included algos not in the policy, we would just fallback to
the hardcoded SHA-1 default of TLS v1.2
Instead check the policy before accepting anything.
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 60f8957c0..ac71024ee 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -93,6 +93,11 @@ bool Policy::allowed_signature_method(const std::string& sig_method) const return value_exists(allowed_signature_methods(), sig_method); } +bool Policy::allowed_signature_hash(const std::string& sig_hash) const + { + return value_exists(allowed_signature_hashes(), sig_hash); + } + std::vector<std::string> Policy::allowed_ecc_curves() const { // Default list is ordered by performance |