From 2f7225c5f56feab172978a0182ac27c20b02c080 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 6 Jan 2016 19:36:07 -0500
Subject: Check that TLS signature type is accepted by the policy. Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
---
 src/lib/tls/tls_handshake_state.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/lib/tls/tls_handshake_state.h')
diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h
index 6260b090f..2943a8637 100644
--- a/src/lib/tls/tls_handshake_state.h
+++ b/src/lib/tls/tls_handshake_state.h
@@ -80,9 +80,11 @@ class Handshake_State
 std::vector session_ticket() const;
 std::pair
- understand_sig_format(const Public_Key& key,
- std::string hash_algo,
- std::string sig_algo) const;
+ parse_sig_format(const Public_Key& key,
+ const std::string& hash_algo,
+ const std::string& sig_algo,
+ bool for_client_auth,
+ const Policy& policy) const;
 std::pair
 choose_sig_format(const Private_Key& key,
--
cgit v1.2.3
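Review bot: The new `parse_sig_format` declaration carries no comment stating its contract, although per the commit message it is now the place where a hash/signature pair sent by the counterparty is checked against the policy. The bare `bool for_client_auth` is the part most easily misread: a call site passing a literal `true` or `false` gives no hint which side's signature is being verified, and an inverted flag would presumably check the peer's choice against the wrong role's constraints. I would add a short comment above the declaration saying that `hash_algo` and `sig_algo` are the values received from the peer, what `for_client_auth` selects, and how a combination the policy rejects is reported to the caller. The definition and the rest of class `Handshake_State` lie outside this hunk, so the failure behaviour cannot be confirmed from here.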