crypto/tls: advertise support for SHA-512 signatures in 1.2

This is the equivalent change to 1c105980 but for SHA-512. SHA-512 certificates are already supported by default since b53bb2ca, but some servers will refuse connections if the algorithm is not advertised in the overloaded signatureAndHash extension (see 09b238f1). This required adding support for SHA-512 signatures on CertificateVerify and ServerKeyExchange messages, because of said overloading. Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2 ClientHello even if the server picks a lower version. Closes #22422 Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105 Reviewed-on: https://go-review.googlesource.com/74950 Run-TryBot: Filippo Valsorda <hi@filippo.io> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-12-08 06:10:04 +00:00 · 2017-10-31 19:43:05 -04:00 · 2017-10-31 19:43:05 -04:00 · 96cd66b266
commit 96cd66b266
parent 65fbf0e834
48 changed files with 1902 additions and 2108 deletions
--- a/src/crypto/tls/handshake_test.go
+++ b/src/crypto/tls/handshake_test.go
@ -32,10 +32,10 @@ import (
 // implementation.
 //
 // Tests can be updated by running them with the -update flag. This will cause
-// the test files. Generally one should combine the -update flag with -test.run
-// to updated a specific test. Since the reference implementation will always
-// generate fresh random numbers, large parts of the reference connection will
-// always change.
+// the test files to be regenerated. Generally one should combine the -update
+// flag with -test.run to updated a specific test. Since the reference
+// implementation will always generate fresh random numbers, large parts of
+// the reference connection will always change.

 var (
 	update = flag.Bool("update", false, "update golden files on disk")