mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-28 15:11:06 +01:00
627fbee41a
mbedtls_ssL_set_calc_verify_md() is used to select valid hashes when writing the server's CertificateRequest message, as well as to verify and act on the client's choice when reading its CertificateVerify message. If enabled at compile-time and configured via mbedtls_ssl_conf_sig_hashes() the current code also offers SHA-1 in TLS 1.2. However, the SHA-1-based handshake transcript in TLS 1.2 is different from the SHA-1 handshake transcript used in TLS < 1.2, and we only maintain the latter (through ssl_update_checksum_md5sha1()), but not the former. Concretely, this will lead to CertificateVerify verification failure if the client picks SHA-1 for the CertificateVerify message in a TLS 1.2 handshake. This commit removes SHA-1 from the list of supported hashes in the CertificateRequest message, and adapts two tests in ssl-opt.sh which expect SHA-1 to be listed in the CertificateRequest message.