diff options
author | Jack Lloyd <[email protected]> | 2016-01-06 19:36:07 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-03-06 05:43:56 -0500 |
commit | 2f7225c5f56feab172978a0182ac27c20b02c080 (patch) | |
tree | 58c9d5d45f3772cd759cd0a52f9ccaa7891b7667 /src/lib/tls/tls_server.cpp | |
parent | 027733a7d7ae44e8eb0c96cef371ba592f4cd386 (diff) |
Check that TLS signature type is accepted by the policy.
Previously the signature hashes and algos info was used to set the v1.2
signature_algorithms extension, but if the counterparty ignored the
extension and sent something else, we wouldn't notice.
Diffstat (limited to 'src/lib/tls/tls_server.cpp')
-rw-r--r-- | src/lib/tls/tls_server.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 5ababe621..41b14ae08 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -618,7 +618,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state, state.client_certs()->cert_chain(); const bool sig_valid = - state.client_verify()->verify(client_certs[0], state); + state.client_verify()->verify(client_certs[0], state, policy()); state.hash().update(state.handshake_io().format(contents, type)); |