Bug 1412829, reject empty supported_signature_algorithms in CR in TLS 1.2, r=mt

Summary: This basically reverts bug 1335069 to align with RFC 5246. Reviewers: mt Reviewed By: mt Bug #: 1412829 Differential Revision: https://phabricator.services.mozilla.com/D12563
author: Daiki Ueno <dueno@redhat.com> 2018-11-22 10:55:20 +0100
committer: Daiki Ueno <dueno@redhat.com> 2018-11-22 10:55:20 +0100
commit: 62a79eaab71cdf616b9d4a7a5a18a69172b7babb (patch)
tree: 1f161ef7e2fac675200cd8084913ad3cf15f1261 /gtests/nss_bogo_shim/config.json
parent: 927ec1a561535202c2c3f4b51be863c0dee633d6 (diff)
download: nss-hg-62a79eaab71cdf616b9d4a7a5a18a69172b7babb.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/gtests/nss_bogo_shim/config.json b/gtests/nss_bogo_shim/config.json
index 66f55d38d..5c7a2e348 100644
--- a/gtests/nss_bogo_shim/config.json
+++ b/gtests/nss_bogo_shim/config.json
@@ -64,7 +64,8 @@
         "RequireAnyClientCertificate-TLS1*":"Bug 1339387",
         "SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
         "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear",
-        "P224-Server":"NSS doesn't support P-224"
+        "P224-Server":"NSS doesn't support P-224",
+        "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty."
     },
     "ErrorMap" : {
         ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
author	Daiki Ueno <dueno@redhat.com>	2018-11-22 10:55:20 +0100
committer	Daiki Ueno <dueno@redhat.com>	2018-11-22 10:55:20 +0100
commit	62a79eaab71cdf616b9d4a7a5a18a69172b7babb (patch)
tree	1f161ef7e2fac675200cd8084913ad3cf15f1261 /gtests/nss_bogo_shim/config.json
parent	927ec1a561535202c2c3f4b51be863c0dee633d6 (diff)
download	nss-hg-62a79eaab71cdf616b9d4a7a5a18a69172b7babb.tar.gz