Remove sig unique check in boringssl

chrome/patches/boringssl-old-ciphers.patch

@@ -194,3 +194,16 @@ index fd8cef95d..1d6ffe88b 100644
        TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 & 0xffff,
        TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 & 0xffff,
        TLS1_CK_RSA_WITH_AES_128_SHA & 0xffff,
+diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
+index 57116cd6c..fa1652832 100644
+--- a/ssl/ssl_privkey.cc
++++ b/ssl/ssl_privkey.cc
+@@ -594,7 +594,7 @@ static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+
+ static bool set_sigalg_prefs(Array<uint16_t> *out, Span<const uint16_t> prefs) {
+   if (!sigalgs_unique(prefs)) {
+-    return false;
++    // return false;
+   }
+
+   // Check for invalid algorithms, and filter out |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.

tests/README.md

@@ -21,4 +21,7 @@ For each supported browser, the following tests are performed:
 
 ## What's missing
 The following tests are still missing:
-* Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
+- [ ] Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
+- [ ] Capture traffic automatically from different browsers
+- [ ] Update safari versions, double `rsa_pss_rsae_sha384`
+

tests/signature.py

@@ -296,7 +296,7 @@ def to_dict(self):
         d = super().to_dict()
         d["status_request_type"] = self.status_request_type
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionStatusRequest(**d)
@@ -364,7 +364,7 @@ def to_dict(self):
         d = super().to_dict()
         d["sig_hash_algs"] = self.sig_hash_algs
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionSignatureAlgorithms(**d)
@@ -401,7 +401,7 @@ class TLSExtensionPadding(TLSExtensionSignature,
     def __init__(self):
         # Padding has varying lengths, so don't include in the signature
         super().__init__(self.ext_type, length=None)
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionPadding()
@@ -421,7 +421,7 @@ def to_dict(self):
         d = super().to_dict()
         d["algorithms"] = self.algorithms
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionCompressCertificate(**d)
@@ -442,7 +442,7 @@ def to_dict(self):
         d = super().to_dict()
         d["record_size_limit"] = self.record_size_limit
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionRecordSizeLimit(**d)
@@ -463,7 +463,7 @@ def to_dict(self):
         d = super().to_dict()
         d["sig_hash_algs"] = self.sig_hash_algs
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionDelegatedCredentials(**d)
@@ -487,7 +487,7 @@ def to_dict(self):
             self.supported_versions
         ))
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         supported_versions = list(map(
@@ -513,7 +513,7 @@ def to_dict(self):
         d = super().to_dict()
         d["psk_ke_mode"] = self.psk_ke_mode
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionPSKKeyExchangeModes(**d)
@@ -524,7 +524,7 @@ def from_bytes(cls, length: int, data: bytes):
         if ke_length > 1:
             # Unsupported
             raise Exception("Failed to parse psk_key_exchange_modes extension")
-        
+
         return TLSExtensionPSKKeyExchangeModes(length, ke_mode)
 
 
@@ -544,7 +544,7 @@ def to_dict(self):
             for ks in self.key_shares
         ]
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         key_shares = [
@@ -585,7 +585,7 @@ def to_dict(self):
         d = super().to_dict()
         d["alps_alpn_list"] = self.alps_alpn_list
         return d
-    
+
     @classmethod
     def from_dict(cls, d):
         return TLSExtensionApplicationSettings(**d)
@@ -838,7 +838,7 @@ def from_bytes(cls, record: bytes):
                 f"Got 0x{handshake_header.type:02x}"
            )
 
-        if (len(record) - off - 4 != 
+        if (len(record) - off - 4 !=
             (handshake_header.length_high << 16) + handshake_header.length_low):
             raise Exception("Corrupt handshake length")