From f4fea8092a9aa8bba160e9ef0a1d3840976179ca Mon Sep 17 00:00:00 2001
From: Flavio Castelli
Date: Mon, 21 Feb 2022 18:49:14 +0100
Subject: [PATCH] Fix regression with certificate verification

Handle verification of ASN.1 DER-encoded ECDSA signatures using the P-256 curve and SHA-384. Even though this specific combination is not recommended by `ring`, the `verify_signature` method already supports other not recommended combinations. Moreover, this used to work until the release 0.12.0, but stopped with the 0.13.0 one.

Signed-off-by: Flavio Castelli
---
 src/certificate.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/certificate.rs b/src/certificate.rs
index 9cd64c5..5164aed 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -131,6 +131,7 @@ impl<'a> X509Certificate<'a> {
 if curve_oid == &OID_EC_P256 {
 match sha_len {
 256 => Some(&signature::ECDSA_P256_SHA256_ASN1),
+ 384 => Some(&signature::ECDSA_P256_SHA384_ASN1),
 _ => None,
 }
 } else if curve_oid == &OID_NIST_EC_P384 {
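Review bot: The new `384 =>` arm in the `OID_EC_P256` branch accepts a combination the commit message itself describes as not recommended by `ring`, yet the code carries no comment saying why it is allowed, so the rationale lives only in the commit log. A comment on the arm would keep a later cleanup from removing it again, for example `// P-256 + SHA-384: not recommended by ring, accepted because such certificates verified up to 0.12.0`. It is also worth noting there that ECDSA truncates the digest to the size of the curve order, so pairing SHA-384 with P-256 does not give more strength than P-256 with SHA-256. The diffstat shows only `src/certificate.rs` changed, so a regression test that verifies a certificate signed with P-256 and SHA-384 would be a useful follow-up. The enclosing function begins and ends outside this hunk.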