search

pion / dtls

DTLS 1.2 Server/Client implementation for Go
https://pion.ly/
MIT License
603 stars 160 forks source link

Only use algorithms in CertificateRequest #578

Closed mschexnaydre closed 1 year ago

mschexnaydre commented 1 year ago

Fix for issue 418

For RFC compliance only algorithms in the certificate request shall be used.

Description We should only be using one of the signature algorithms specified in the CertificateRequest message when generating the CertificateVerify message. Prior to this fix SHA-256 was always being used.

This change stores the HASH algorithm from the CertificateRequest message in the State object so that we can reference these later when generating the CertificateVerify message.

Removed hard-coded usage of SHA-256 in generateCertificateVerify, now uses the Digest method of the passed in algorithm.

Reference issue Fixes https://github.com/pion/dtls/issues/418

codecov[bot] commented 1 year ago

Codecov Report

Patch coverage is 100.00% of modified lines.

Files Changed Coverage
state.go ø
crypto.go 100.00%
flight3handler.go 100.00%
flight5handler.go 100.00%

:loudspeaker: Thoughts on this report? Let us know!.