lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Allow SHA-1 in SSL renegotiation tests

Browse Source 
In the TLS test client, allow SHA-1 as a signature hash algorithm.
Without this, the renegotation tests failed.

A previous commit had allowed SHA-1 via the certificate profile but
that only applied before the initial negotiation which includes the
signature_algorithms extension.
This commit is contained in:
Gilles Peskine
2017-05-09 14:57:45 +02:00
committed by Manuel Pégourié-Gonnard
parent 2dc81a0cbc
commit cd3c845157
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_cli.c
View File

@ -2134,8 +2134,8 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
"that was not offered" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
*(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}