mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: fix client certificates support for legacy servers
signatureSchemesForCertificate was written to be used with TLS 1.3, but ended up used for TLS 1.2 client certificates in a refactor. Since it only supported TLS 1.3 signature algorithms, it would lead to no RSA client certificates being sent to servers that didn't support RSA-PSS. TestHandshakeClientCertRSAPKCS1v15 was testing *specifically* for this, but alas the OpenSSL flag -verify accepts an empty certificates list as valid, as opposed to -Verify... Fixes #28925 Change-Id: I61afc02ca501d3d64ab4ad77bbb4cf10931e6f93 Reviewed-on: https://go-review.googlesource.com/c/151660 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda
Filippo Valsorda
parent
6571d32361
commit
daa7ff8195
10 changed files with 298 additions and 142 deletions
27
auth.go
27
auth.go
|
|
@ -134,8 +134,10 @@ func writeSignedMessage(sigHash io.Writer, context string, transcript hash.Hash)
|
|||
}
|
||||
|
||||
// signatureSchemesForCertificate returns the list of supported SignatureSchemes
|
||||
// for a given certificate, based on the public key.
|
||||
func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme {
|
||||
// for a given certificate, based on the public key and the protocol version. It
|
||||
// does not support the crypto.Decrypter interface, so shouldn't be used on the
|
||||
// server side in TLS 1.2 and earlier.
|
||||
func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme {
|
||||
priv, ok := cert.PrivateKey.(crypto.Signer)
|
||||
if !ok {
|
||||
return nil
|
||||
|
|
@ -143,6 +145,16 @@ func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme {
|
|||
|
||||
switch priv := priv.Public().(type) {
|
||||
case *ecdsa.PublicKey:
|
||||
if version != VersionTLS13 {
|
||||
// In TLS 1.2 and earlier, ECDSA algorithms are not
|
||||
// constrained to a single curve.
|
||||
return []SignatureScheme{
|
||||
ECDSAWithP256AndSHA256,
|
||||
ECDSAWithP384AndSHA384,
|
||||
ECDSAWithP521AndSHA512,
|
||||
ECDSAWithSHA1,
|
||||
}
|
||||
}
|
||||
switch priv.Curve {
|
||||
case elliptic.P256():
|
||||
return []SignatureScheme{ECDSAWithP256AndSHA256}
|
||||
|
|
@ -154,6 +166,17 @@ func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme {
|
|||
return nil
|
||||
}
|
||||
case *rsa.PublicKey:
|
||||
if version != VersionTLS13 {
|
||||
return []SignatureScheme{
|
||||
PSSWithSHA256,
|
||||
PSSWithSHA384,
|
||||
PSSWithSHA512,
|
||||
PKCS1WithSHA256,
|
||||
PKCS1WithSHA384,
|
||||
PKCS1WithSHA512,
|
||||
PKCS1WithSHA1,
|
||||
}
|
||||
}
|
||||
// RSA keys with RSA-PSS OID are not supported by crypto/x509.
|
||||
return []SignatureScheme{
|
||||
PSSWithSHA256,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue