Remember suitable hash function for any signature algorithm. This commit changes `ssl_parse_signature_algorithms_ext` to remember one suitable ( := supported by client and by our config ) hash algorithm per signature algorithm. It also modifies the ciphersuite checking function `ssl_ciphersuite_match` to refuse a suite if there is no suitable hash algorithm. Finally, it adds the corresponding entry to the ChangeLog.

commit: 7e5437a972e287d7ec3e4ee7379e55fdca7250b3 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri Apr 28 17:15:26 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon May 15 11:50:11 2017 +0100
tree: 7835fc059f8af88158bb245de43382112d5602ec
parent: 1aa267cbc39316127e39cc7e63552e30a0a66764 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 13de867..43c2801 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+mbed TLS 2.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix insufficient support for signature-hash-algorithm extension,
+     resulting in compatibility problems with Chrome. Found by hfloyrd. #823
+
 = mbed TLS 2.4.2 branch released 2017-03-08
 
 Security
commit	7e5437a972e287d7ec3e4ee7379e55fdca7250b3	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri Apr 28 17:15:26 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon May 15 11:50:11 2017 +0100
tree	7835fc059f8af88158bb245de43382112d5602ec
parent	1aa267cbc39316127e39cc7e63552e30a0a66764 [diff] [blame]