Support delegated credentials version 06
This version adds signature algorithms to the extension.
Change-Id: I91dc78d33ee81cb7a6221c7bdeefc8ea460a2d6c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42424
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 6bac3a9..c64303a 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -821,16 +821,13 @@
}
// Check that the DC signature algorithm is supported by the peer.
- Span<const uint16_t> peer_sigalgs = tls1_get_peer_verify_algorithms(hs);
- bool sigalg_found = false;
+ Span<const uint16_t> peer_sigalgs = hs->peer_delegated_credential_sigalgs;
for (uint16_t peer_sigalg : peer_sigalgs) {
if (dc->expected_cert_verify_algorithm == peer_sigalg) {
- sigalg_found = true;
- break;
+ return true;
}
}
-
- return sigalg_found;
+ return false;
}
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
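Review bot: The comment above the loop ("Check that the DC signature algorithm is supported by the peer") no longer says which list gates the decision, since the loop now compares `dc->expected_cert_verify_algorithm` against `hs->peer_delegated_credential_sigalgs` instead of the general verify algorithms. I would reword it to `// Check that the DC's expected CertificateVerify algorithm was advertised in the peer's delegated_credential extension. An empty list rejects the DC.` The hunk does not show where `peer_delegated_credential_sigalgs` is filled in, so please confirm it stays empty when the extension is absent or fails to parse, so that this check fails closed. A test with a DC whose algorithm appears only in the peer's signature_algorithms list would pin the new behaviour. The enclosing function starts above the hunk, so any earlier check that the peer requested delegated credentials is not visible here.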