Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow SHA-1 in SSL renegotiation tests

Browse source 
In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.

A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension.
This commit is contained in:
Gilles Peskine 2017-05-09 14:57:45 +02:00 committed by Manuel Pégourié-Gonnard
parent 2dc81a0cbc
commit cd3c845157
2 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_cli.c
View file

@ -2134,8 +2134,8 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
"that was not offered" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
*(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}