aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
diff options
context:
space:
mode:
authorFilippo Valsorda <filippo@golang.org>2019-06-13 18:33:33 -0400
committerFilippo Valsorda <filippo@golang.org>2019-06-19 19:59:14 +0000
commit0b3a57b5374bba3fdf88258e2be4c8be65e6a5de (patch)
tree60f2c993a944c3c0f7f82a5c265ac8d5d956b375 /src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
parent0ab1cc33ef35147b0e1248f2a9d669ae193d6b3e (diff)
downloadgo-0b3a57b5374bba3fdf88258e2be4c8be65e6a5de.tar.xz
crypto/tls: disable RSA-PSS in TLS 1.2 again
Signing with RSA-PSS can uncover faulty crypto.Signer implementations, and it can fail for (broken) small keys. We'll have to take that breakage eventually, but it would be nice for it to be opt-out at first. TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS to TLS 1.2 until TLS 1.3 is on without opt-out. Note that since the Client Hello is sent before a protocol version is selected, we have to advertise RSA-PSS there to support TLS 1.3. That means that we still support RSA-PSS on the client in TLS 1.2 for verifying server certificates, which is fine, as all issues arise on the signing side. We have to be careful not to pick (or consider available) RSA-PSS on the client for client certificates, though. We'd expect tests to change only in TLS 1.2: * the server won't pick PSS to sign the key exchange (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS); * the server won't advertise PSS in CertificateRequest (Server-TLSv12-ClientAuthRequested*, TestClientAuth); * and the client won't pick PSS for its CertificateVerify (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS, Client-TLSv12-Renegotiate* because "R" requests a client cert). Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test. This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7. Testing was made more complex by the undocumented semantics of OpenSSL's -[client_]sigalgs (see openssl/openssl#9172). Updates #32425 Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349 Reviewed-on: https://go-review.googlesource.com/c/go/+/182339 Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound')
-rw-r--r--src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound54
1 files changed, 27 insertions, 27 deletions
diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
index 4139c92aa0..6fbad262a1 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 99 01 00 00 95 03 03 cf 60 be 69 fc |............`.i.|
-00000010 d8 3d f8 5e 5a 67 1d 86 93 9a b1 58 4e ca 35 d8 |.=.^Zg.....XN.5.|
-00000020 2d 92 56 f8 74 b0 9a 96 20 75 46 00 00 04 00 2f |-.V.t... uF..../|
+00000000 16 03 01 00 99 01 00 00 95 03 03 d9 85 58 6e 7f |.............Xn.|
+00000010 2d b4 cd f0 04 75 ef 4a 41 8a f9 2e 87 ae 63 c8 |-....u.JA.....c.|
+00000020 59 4b a2 4c 4f 46 c4 15 91 2e 7c 00 00 04 00 2f |YK.LOF....|..../|
00000030 00 ff 01 00 00 68 00 00 00 10 00 0e 00 00 0b 73 |.....h.........s|
00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0b 00 04 03 00 |nitest.com......|
00000050 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 |................|
@@ -53,31 +53,31 @@
00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.|
00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 86 10 00 00 82 00 80 aa e3 c3 d5 76 |...............v|
-00000010 d7 f7 da d5 93 39 8f 6d c2 6a ed dc b1 69 c9 2e |.....9.m.j...i..|
-00000020 74 55 e3 2a c8 7d 03 f5 a6 6a 4e 04 b1 7f 14 86 |tU.*.}...jN.....|
-00000030 4c 5a 0d 55 00 dc 58 2b b6 34 bb 51 b0 d6 df ff |LZ.U..X+.4.Q....|
-00000040 ab 0e 1a a8 df b1 58 de 73 9d 94 e4 d1 26 28 df |......X.s....&(.|
-00000050 64 09 fd b0 bc d5 9e 85 0d e8 0c ff 1a 5c 87 47 |d............\.G|
-00000060 57 d0 3e a8 46 c6 5d c4 57 5c 95 c1 ca 91 69 c3 |W.>.F.].W\....i.|
-00000070 26 2f 93 0a f8 56 51 10 e9 ff f2 82 4f 21 54 30 |&/...VQ.....O!T0|
-00000080 d3 87 fd e9 e6 a1 05 53 d0 b4 10 14 03 03 00 01 |.......S........|
-00000090 01 16 03 03 00 40 1f 6b ca bc 42 19 fe c6 64 cf |.....@.k..B...d.|
-000000a0 6f de ff 54 28 56 de 1a 99 fb 19 d7 4a 5e 34 97 |o..T(V......J^4.|
-000000b0 f6 38 99 17 16 fb 06 ae 88 fb a6 07 2f 01 7b 54 |.8........../.{T|
-000000c0 63 8a 4a c1 6b ee 4e 61 4e c1 46 b5 d6 8f 51 a9 |c.J.k.NaN.F...Q.|
-000000d0 fb 07 9b 88 27 20 |....' |
+00000000 16 03 03 00 86 10 00 00 82 00 80 5a 46 e5 a3 fb |...........ZF...|
+00000010 1d 57 11 df 01 db d8 df 8c 2f 25 4a 23 7a 62 38 |.W......./%J#zb8|
+00000020 49 b7 fa 2c 96 94 38 62 b5 9e db 5b 84 d8 8c 24 |I..,..8b...[...$|
+00000030 ec 80 e8 f7 c6 bf 8f fc ba 2c 46 f6 ea e6 be 02 |.........,F.....|
+00000040 fb 43 2c 97 82 6e 0e ce 1d 16 39 80 09 97 da 65 |.C,..n....9....e|
+00000050 4a ad 87 02 2c f3 6a ce 44 c0 c3 16 ef 67 86 62 |J...,.j.D....g.b|
+00000060 14 1a 85 7a 82 a7 b8 6f 55 8f 1e fb 5d 2d a8 cb |...z...oU...]-..|
+00000070 ec 77 0d b0 b3 1b a1 99 c9 51 e8 63 98 1a 31 f4 |.w.......Q.c..1.|
+00000080 b2 17 b5 bf 57 fb 23 47 ee 1e d3 14 03 03 00 01 |....W.#G........|
+00000090 01 16 03 03 00 40 61 a2 82 3b 6f c3 f6 8b 1d 93 |.....@a..;o.....|
+000000a0 42 f6 81 a4 e1 3b bd ab 6f d1 9d 04 a6 be f4 1b |B....;..o.......|
+000000b0 c7 0b 63 c5 d2 4d 8b 69 41 5a 65 8d 8d b1 83 92 |..c..M.iAZe.....|
+000000c0 2d d6 6c c5 45 c7 99 83 89 b7 d5 a1 ae 1b 33 05 |-.l.E.........3.|
+000000d0 d5 00 9f cb 79 50 |....yP|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 62 37 c3 c7 5e |...........b7..^|
-00000020 7a 8c 16 99 2d a4 21 cd 44 ab ae ff 52 d4 a9 6f |z...-.!.D...R..o|
-00000030 fe 58 9a 61 2e ed 51 47 8b 9f f1 ca be b9 46 78 |.X.a..QG......Fx|
-00000040 9a fc d0 38 45 da a9 41 fd 51 8f 17 03 03 00 40 |...8E..A.Q.....@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 29 51 0e ac ef |...........)Q...|
+00000020 7b ef 53 95 05 d9 4f 28 97 a2 d6 ff 44 e1 0f fb |{.S...O(....D...|
+00000030 ed e2 ac f4 6c 46 5f 91 07 ba f0 8f 37 37 8d 77 |....lF_.....77.w|
+00000040 7d a8 32 f5 4c f8 fd fc 86 ed 02 17 03 03 00 40 |}.2.L..........@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 7d aa 32 6f 59 1c d9 83 fe 11 2f ff b7 92 fb 22 |}.2oY...../...."|
-00000070 c0 9c 77 d6 73 66 da 10 f1 36 61 34 0f e6 e9 77 |..w.sf...6a4...w|
-00000080 8a 5c c1 8c ba 36 9d cc 8d 3f 48 03 2c c1 a5 1e |.\...6...?H.,...|
+00000060 2d 65 8c 14 51 77 fb 37 61 b0 37 2b 74 8b 9e 8d |-e..Qw.7a.7+t...|
+00000070 7e 72 c9 af 46 eb 05 72 8a b4 42 dc e9 6c df 01 |~r..F..r..B..l..|
+00000080 d2 c6 eb 48 f9 a9 a1 fd 6f 58 b2 76 95 13 df 29 |...H....oX.v...)|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 29 14 57 d1 dc f3 ab 63 40 92 00 |.....).W....c@..|
-000000b0 31 3b d5 36 a8 3c e3 cf b5 64 ee b7 e9 36 86 75 |1;.6.<...d...6.u|
-000000c0 6e d8 91 29 f0 |n..).|
+000000a0 00 00 00 00 00 81 a1 ed 82 f3 3d d4 ea af 32 0d |..........=...2.|
+000000b0 b2 b4 ab 7e 94 1b 88 95 8b 72 22 57 b1 35 96 12 |...~.....r"W.5..|
+000000c0 45 57 68 d7 dc |EWh..|
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 05:21:49 +0000