39ebf53dd34a553768277ee2e0a5c681b4ac6f9e - boringssl

commit	39ebf53dd34a553768277ee2e0a5c681b4ac6f9e	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sun Aug 31 02:23:49 2014 -0400
committer	Adam Langley <agl@google.com>	Tue Sep 02 23:41:34 2014 +0000
tree	db22c3a5d8f59ff3551157a108e32ef6f9a199df
parent	120a674c003b2e5950d77415c464b5db20c43972 [diff]

Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2.

This check got refactored in OpenSSL 1.0.2 and broke in the process. Fix this
and add a test. Otherwise things like client auth can get slightly confused; it
will try to sign the MD5/SHA-1 hash, but the TLS 1.2 cipher suite may not use
SSL_HANDSHAKE_MAC_DEFAULT, so those digests won't be available.

Based on upstream's 226751ae4a1f3e00021c43399d7bb51a99c22c17.

Change-Id: I5b864d3a696f3187b849c53b872c24fb7df27924
Reviewed-on: https://boringssl-review.googlesource.com/1696
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c[diff]
ssl/test/runner/common.go[diff]
ssl/test/runner/handshake_server.go[diff]
ssl/test/runner/runner.go[diff]

4 files changed

tree: db22c3a5d8f59ff3551157a108e32ef6f9a199df

crypto/
doc/
include/
ssl/
tool/
util/
.clang-format
.gitignore
BUILDING
CMakeLists.txt