[dev.boringcrypto] all: merge master into dev.boringcrypto

Updated TestBoringServerSignatureAndHash to expect RSA-PSS to work with TLS 1.2, and hence with FIPS mode. Change-Id: I358271b2e4804733cf61dc132fa0c5f39c2bff19
2025-04-03 20:17:36 +03:00 · 2019-11-20 16:19:41 -05:00 · 2019-11-20 16:19:41 -05:00 · 0f829ed5f4
commit 0f829ed5f4
parent c40e793800 6bb85fe4e7
36 changed files with 1813 additions and 1356 deletions
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@ -365,16 +365,13 @@ func (hs *serverHandshakeStateTLS13) pickCertificate() error {
 		return c.sendAlert(alertMissingExtension)
 	}

-	// This implements a very simplistic certificate selection strategy for now:
-	// getCertificate delegates to the application Config.GetCertificate, or
-	// selects based on the server_name only. If the selected certificate's
-	// public key does not match the client signature_algorithms, the handshake
-	// is aborted. No attention is given to signature_algorithms_cert, and it is
-	// not passed to the application Config.GetCertificate. This will need to
-	// improve according to RFC 8446, sections 4.4.2.2 and 4.2.3.
 	certificate, err := c.config.getCertificate(clientHelloInfo(c, hs.clientHello))
 	if err != nil {
-		c.sendAlert(alertInternalError)
+		if err == errNoCertificates {
+			c.sendAlert(alertUnrecognizedName)
+		} else {
+			c.sendAlert(alertInternalError)
+		}
 		return err
 	}
 	hs.sigAlg, err = selectSignatureScheme(c.vers, certificate, hs.clientHello.supportedSignatureAlgorithms)