selectSignatureScheme picks a SignatureScheme from the peer's preference list that works with the selected certificate. It's only called for protocol versions that support signature algorithms, so TLS 1.2 and 1.3.
(vers uint16, c *Certificate, peerAlgs []SignatureScheme)
| 232 | // that works with the selected certificate. It's only called for protocol |
| 233 | // versions that support signature algorithms, so TLS 1.2 and 1.3. |
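//
// The scheme is taken in peerAlgs order because the local preference order is
// not configurable. It fails when the certificate's key supports no scheme for
// vers, when a TLS 1.2 peer omitted signature_algorithms, or when none of
// peerAlgs is usable with the certificate.
func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureScheme) (SignatureScheme, error) {
	supportedAlgs := signatureSchemesForCertificate(vers, c)
	if len(supportedAlgs) == 0 {
		return 0, unsupportedCertificateError(c)
	}
	if len(peerAlgs) == 0 && vers == VersionTLS12 {
		// RFC 5246, Section 7.4.1.4.1 allows a TLS 1.2 client to omit
		// signature_algorithms, in which case the server may assume SHA-1
		// (PKCS1WithSHA1, ECDSAWithSHA1). RFC 9155 made the extension
		// mandatory in TLS 1.2, and this build rejects such a peer rather
		// than silently downgrading to SHA-1 signatures.
		//
		// NOTE(review): upstream Go keeps the SHA-1 fallback behind the
		// tlssha1 GODEBUG setting; that gate is not present in this copy,
		// so the rejection is unconditional. If the fallback is ever
		// restored it should stay opt-in, never the default.
		return 0, errors.New("tls: missing signature_algorithms from TLS 1.2 peer")
	}
	// Walk the peer's list in its own preference order and take the first
	// scheme this certificate can produce.
	for _, preferredAlg := range peerAlgs {
		if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
			return preferredAlg, nil
		}
	}
	return 0, errors.New("tls: peer doesn't support any of the certificate's signature algorithms")
}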
| 258 | |
| 259 | // unsupportedCertificateError returns a helpful error for certificates with |
| 260 | // an unsupported private key. |