)]}'
{
  "commit": "602f4669ab8e01cb02747e4fff1cd702a84c5f1d",
  "tree": "95ecef7fadbf76f13da7bb6c6cbe6d2d2e15d185",
  "parents": [
    "bf5021a6b8a4859d04966998e84fcbff16bffd78"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Fri Dec 07 12:06:22 2018 -0600"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Tue Dec 11 20:08:12 2018 +0000"
  },
  "message": "Forbid empty CertificateRequestsupported_signature_algorithms in TLS 1.2.\n\nSee the IETF thread here:\nhttps://www.ietf.org/mail-archive/web/tls/current/msg27292.html\n\nIn particular, although the original publication of RFC 5246 had a\nsyntax error in the field (the minimum length was unspecified), there is\nan errata from 2012 to fix it to be non-empty.\nhttps://www.rfc-editor.org/errata/eid2864\n\nCurrently, when empty, we implicitly interpret it as SHA1/*, matching\nthe server behavior in missing extension in ClientHellos. However that\ntext does not support doing it for CertificateRequests, and there is not\nmuch reason to. That default (which is in itself confusing and caused\nproblems such as older OpenSSL only signing SHA-1 given SNI) was\nbecause, at the time, there were concerns over making any ClientHello\nextensions mandatory. This isn\u0027t applicable for CertificateRequest,\nwhich can freely advertise their true preferences.\n\nChange-Id: I113494d8f66769fde1362795fb08ff2f471ef31d\nReviewed-on: https://boringssl-review.googlesource.com/c/33524\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "678e4a3b7873e1a1e8d8f98851e244cc54dda969",
      "old_mode": 33188,
      "old_path": "ssl/t1_lib.cc",
      "new_id": "00c796ad6f7199d1c8e3470c513cfe9781c8ff3a",
      "new_mode": 33188,
      "new_path": "ssl/t1_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "6b251a27944c7d6320cba7fe8aab024884db3dd5",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "da81f23646e6863d14ac62879220fd0db5e3f186",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "0d3e8771062dccd7bcf80480e24d93c4764130f9",
      "old_mode": 33188,
      "old_path": "ssl/tls13_client.cc",
      "new_id": "0d778962e7adf2fc21543eb15b10e0d76b208fda",
      "new_mode": 33188,
      "new_path": "ssl/tls13_client.cc"
    }
  ]
}