Parse Signature Algorithm ext when renegotiating Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension.

commit: f3d441f2a5392a5280e814a861530875b750c3b9 [log] [tgz]
author: Ron Eldor <Ron.Eldor@arm.com> Tue Oct 03 15:58:26 2017 +0300
committer: Janos Follath <janos.follath@arm.com> Fri Oct 06 15:42:54 2017 +0100
tree: 3f394d111266ce1259e4fed00edfa251db2cc187
parent: 72ea31b026e1fc61b01662474aa5125817b968bc [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 227faed..02b8369 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Parse signature algorithm extension when renegotiating. Previously,
+     renegotiated handshakes would only accept signatures using SHA-1
+     regardless of the peer's preferences, or fail if SHA-1 was disabled.
+
 = mbed TLS 2.6.0 branch released 2017-08-10
 
 Security
commit	f3d441f2a5392a5280e814a861530875b750c3b9	[log] [tgz]
author	Ron Eldor <Ron.Eldor@arm.com>	Tue Oct 03 15:58:26 2017 +0300
committer	Janos Follath <janos.follath@arm.com>	Fri Oct 06 15:42:54 2017 +0100
tree	3f394d111266ce1259e4fed00edfa251db2cc187
parent	72ea31b026e1fc61b01662474aa5125817b968bc [diff] [blame]