author | Jack Lloyd <[email protected]> | 2018-10-16 12:08:48 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-10-16 12:08:48 -0400 |
commit | 138e558099ffac68bdd10a89c6c9172b17228878 (patch) | |
tree | 943ea3d338ac6bceade44ca4375ee4cbbef82b97 /src/tests/unit_tls.cpp | |
parent | 7f296b44e06b29b01d04ba638c3f179a81f3201c (diff) |
Fix TLS signature algorithm intolerance
GH #1708
Diffstat (limited to 'src/tests/unit_tls.cpp')
-rw-r--r-- | src/tests/unit_tls.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index a26c6e9f7..f60e44a14 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -391,6 +391,16 @@ class TLS_Handshake_Test final
 void tls_modify_extensions(Botan::TLS::Extensions& extn, Botan::TLS::Connection_Side which_side) override
 {
 extn.add(new Test_Extension(which_side));
+
+ // Insert an unsupported signature scheme as highest prio, to ensure we are tolerant of this
+ if(auto sig_algs = extn.get<Botan::TLS::Signature_Algorithms>())
+ {
+ std::vector<Botan::TLS::Signature_Scheme> schemes = sig_algs->supported_schemes();
+ // 0x0301 is RSA PKCS1/SHA-224, which is not supported anymore
+ schemes.insert(schemes.begin(), static_cast<Botan::TLS::Signature_Scheme>(0x0301));
+ // This replaces the previous extension value
+ extn.add(new Botan::TLS::Signature_Algorithms(schemes));
+ }
 }
 
 void tls_examine_extensions(const Botan::TLS::Extensions& extn, Botan::TLS::Connection_Side which_side) override
|
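Review bot: Nothing in the block added to tls_modify_extensions checks that the peer actually skips the injected scheme; as far as the hunk shows, tolerance is only verified implicitly by the handshake completing elsewhere in the test. If the negotiated signature scheme is observable in this test class, asserting that it is never `0x0301` would also catch a regression where the unsupported top-priority entry is selected rather than ignored. Separately, `sig_algs` presumably points at the extension object that the second `extn.add(...)` replaces, so a comment such as `// sig_algs is invalid after this add(); schemes was copied above` would keep later edits from reading it. The rest of TLS_Handshake_Test, including the body of tls_examine_extensions, lies outside the hunk.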