Remember suitable hash function for any signature algorithm.

This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.
2026-02-19 00:39:46 +00:00 · 2017-04-28 17:15:26 +01:00
parent 1aa267cbc3
commit 7e5437a972
7 changed files with 307 additions and 33 deletions
--- a/6
+++ b/6
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+mbed TLS 2.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix insufficient support for signature-hash-algorithm extension,
+     resulting in compatibility problems with Chrome. Found by hfloyrd. #823
+
 = mbed TLS 2.4.2 branch released 2017-03-08

 Security