RFC Errata
RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008
Note: This RFC has been obsoleted by RFC 8446
Source of RFC: tls (sec)See Also: RFC 5246 w/ inline errata
Errata ID: 2864
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfredo Pironti
Date Reported: 2011-07-19
Verifier Name: Sean Turner
Date Verified: 2012-01-09
Section A.4.2 says:
struct {
ClientCertificateType certificate_types<1..2^8-1>;
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
--- Fixed by errata 1585 to
struct {
ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm
supported_signature_algorithms<2^16-1>;
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
It should say:
struct {
ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm
supported_signature_algorithms<2..2^16-2>;
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
Notes:
The supported_signature_algorithms field is a variable length array. As such ceiling and floor should be specified, and they should be multiple of the base type (which is two bytes long in this case).