From ec4a50b3c3f2f50caccfd52e939857a5d6f02fd1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 24 Jul 2012 18:11:27 +0000
Subject: Abort handshake if signature algorithm used not supported by peer.

---
 CHANGES | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index fafaf6ddb3..46b23de1da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) If an attempt is made to use a signature algorithm not in the peer
+     preference list abort the handshake. If client has no suitable
+     signature algorithms in response to a certificate request do not
+     use the certificate.
+     [Steve Henson]
+
   *) If server EC tmp key is not in client preference list abort handshake.
      [Steve Henson]
 
-- 
cgit v1.2.3