)]}'
{
  "commit": "99fdfb9f22208c1152c381be3087cd9380a58d66",
  "tree": "d5501bcbc6be691b84e5df2c4c1ff7edea4fe085",
  "parents": [
    "7104cc96b752c45e02fd3f1728cf313263f04548"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@chromium.org",
    "time": "Mon Nov 02 12:11:35 2015 -0500"
  },
  "committer": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Wed Nov 11 22:15:16 2015 +0000"
  },
  "message": "Move curve check out of tls12_check_peer_sigalg.\n\nThe current check has two problems:\n\n- It only runs on the server, where there isn\u0027t a curve list at all. This was a\n  mistake in https://boringssl-review.googlesource.com/1843 which flipped it\n  from client-only to server-only.\n\n- It only runs in TLS 1.2, so one could bypass it by just negotiating TLS 1.1.\n  Upstream added it as part of their Suite B mode, which requires 1.2.\n\nMove it elsewhere. Though we do not check the entire chain, leaving that to the\ncertificate verifier, signatures made by the leaf certificate are made by the\nSSL/TLS stack, so it\u0027s reasonable to check the curve as part of checking\nsuitability of a leaf.\n\nChange-Id: I7c12f2a32ba946a20e9ba6c70eff23bebcb60bb2\nReviewed-on: https://boringssl-review.googlesource.com/6414\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "843403b350eaebe571435eefec851947dbdcea9e",
      "old_mode": 33188,
      "old_path": "ssl/s3_clnt.c",
      "new_id": "b474352d3e9f7b9d6788a9f1856e31b6eee2ea21",
      "new_mode": 33188,
      "new_path": "ssl/s3_clnt.c"
    },
    {
      "type": "modify",
      "old_id": "9a290283a501b9d27193001492072ba8b285d022",
      "old_mode": 33188,
      "old_path": "ssl/t1_lib.c",
      "new_id": "2a3ba7f7ff7d5a04b259a57961a03287160d24a1",
      "new_mode": 33188,
      "new_path": "ssl/t1_lib.c"
    },
    {
      "type": "modify",
      "old_id": "07ba9f59624fbf7fc1d01364b69650e33723b9b9",
      "old_mode": 33188,
      "old_path": "ssl/test/bssl_shim.cc",
      "new_id": "b309449c4c3d49db675d516a7e6849116ad15bf4",
      "new_mode": 33188,
      "new_path": "ssl/test/bssl_shim.cc"
    },
    {
      "type": "modify",
      "old_id": "6ab71cf24c04448c432a3525ccf1b6b2c758c826",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "6573871568a512ab864c5a1c68c3ffe419b128cf",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "50e6b234b51a7f76d4e6c582ac66d44f1171ef02",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.cc",
      "new_id": "23b0879e1200072e8310593aa89acebee311d98d",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.cc"
    },
    {
      "type": "modify",
      "old_id": "9f295aeb42c1359bf38f0e53595b4d08ccf26ac8",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.h",
      "new_id": "733e0a11afab22293a8ef53130b88239441c5fec",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.h"
    }
  ]
}