{
  "commit": "320da8d149bda0f5217444faac19abedfddf30f2",
  "tree": "e1e53a7e339bb254a10690e1e6d2c0ea87ef6475",
  "parents": [
    "b840ae1e16f95687a8379c49cab0bd94bd839b6f"
  ],
  "author": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Tue Feb 19 15:58:06 2019 -0500"
  },
  "committer": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Thu Feb 21 16:55:18 2019 +0000"
  },
  "message": "[release-branch.go1.12] crypto/tls: don\u0027t select RSA-PSS for client certificates in TLS 1.2\n\nIn https://golang.org/cl/160998, RSA-PSS was disabled for\n(most of) TLS 1.2. One place where we can\u0027t disable it is in a Client\nHello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3,\nso to offer TLS 1.3 we need to offer RSA-PSS, even if the server might\nselect TLS 1.2.\n\nThe good news is that we want to disable RSA-PSS mostly when we are the\nsigning side, as that\u0027s where broken crypto.Signer implementations will\nbite us. So we can announce RSA-PSS in the Client Hello, tolerate the\nserver picking TLS 1.2 and RSA-PSS for their signatures, but still not\ndo RSA-PSS on our side if asked to provide a client certificate.\n\nClient-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed\nactually using RSA-PSS.\n\nUpdates #30055\n\nChange-Id: I5ecade744b666433b37847abf55e1f08089b21d4\nReviewed-on: https://go-review.googlesource.com/c/163039\nReviewed-by: Andrew Bonventre \u003candybons@golang.org\u003e\nReviewed-by: Adam Langley \u003cagl@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "ca74989f6ed0b2c9972c26b63cdb1f5adab4e34f",
      "old_mode": 33188,
      "old_path": "src/crypto/tls/handshake_client.go",
      "new_id": "e760fbf2c1a227cc0e3e3f5e337a5b52d7ffcdfe",
      "new_mode": 33188,
      "new_path": "src/crypto/tls/handshake_client.go"
    },
    {
      "type": "modify",
      "old_id": "7441e5b55623314ecb14f294b31ad383451d70cd",
      "old_mode": 33188,
      "old_path": "src/crypto/tls/handshake_client_test.go",
      "new_id": "8c4125b7e2aa2e0bd2adf2f8d5737e2a99a6635b",
      "new_mode": 33188,
      "new_path": "src/crypto/tls/handshake_client_test.go"
    },
    {
      "type": "modify",
      "old_id": "9d59cb125d452ac158810e298467f94a55578157",
      "old_mode": 33188,
      "old_path": "src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled",
      "new_id": "71d26ea5e772357d46ce3b65b3acbe6a8ec987bc",
      "new_mode": 33188,
      "new_path": "src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "0e047294e09f27653b2a806a51bfdce0e9487b30",
      "new_mode": 33188,
      "new_path": "src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512"
    }
  ]
}
