From ab5b346352aaf0b720a0a83b7ae3d47a4d6591ac Mon Sep 17 00:00:00 2001
From: dmiller
Date: Wed, 25 Mar 2015 19:35:20 +0000
Subject: [PATCH] Obey TLSv1.2 RFC regarding anonymous signature type
---
 nselib/tls.lua | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/nselib/tls.lua b/nselib/tls.lua
index c600f48e3..da3c3ecb2 100644
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -1264,7 +1264,12 @@ do
 local sigalgs = {}
 for hash, _ in pairs(HashAlgorithms) do
 for sig, _ in pairs(SignatureAlgorithms) do
- sigalgs[#sigalgs+1] = {hash, sig}
+ -- RFC 5246 7.4.1.4.1.
+ -- The "anonymous" value is meaningless in this context but used in
+ -- Section 7.4.3. It MUST NOT appear in this extension.
+ if sig ~= "anonymous" then
+ sigalgs[#sigalgs+1] = {hash, sig}
+ end
 end
 end
 signature_algorithms_all = EXTENSION_HELPERS["signature_algorithms"](sigalgs)
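Review bot: The filtered list is still built by two nested `pairs()` loops, whose iteration order Lua leaves unspecified, so the order of the `{hash, sig}` entries passed to `EXTENSION_HELPERS["signature_algorithms"]` is not guaranteed to be stable. RFC 5246 7.4.1.4.1 reads that order as the client's descending preference, so the pair a server selects, and with it the scan result, may not be reproducible. Iterating over sorted key lists, or a fixed ordered array, would make the advertised preference deterministic. The hash loop is also unfiltered: if `HashAlgorithms` contains a `none` entry (its definition is outside this hunk), pairs with that hash are still advertised and could be excluded the same way, e.g. `if sig ~= "anonymous" and hash ~= "none" then`. The enclosing `do` block starts and ends outside the hunk.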