author | Simon Josefsson <simon@josefsson.org> | 2007-02-06 15:33:22 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2007-02-06 15:33:22 +0000 |
commit | 9b157a69e7d3addffa726e7fa3b3d2d0523ea517 (patch) | |
tree | 6838273eb33b10205c5bdd9949e51d68d5553dd8 | |
parent | 02c8eade21ad27f8cc24f1af3a99eb6a5c30dc8f (diff) | |
(_gnutls_remove_unwanted_ciphersuites): Remove GNUTLS_KX_SRP_RSA or
GNUTLS_KX_SRP_DSS if there is no SRP credential.
-rw-r--r-- | lib/gnutls_handshake.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 5c318f5a15..89afcc7fa4 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation * * Author: Nikos Mavroyanopoulos * @@ -2782,7 +2782,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, delete = check_server_params (session, kx, alg, alg_size); } - + /* These two SRP kx's are marked to require a CRD_CERTIFICATE, + (see cred_mappings in gnutls_algorithms.c), but it also + requires a SRP credential. Don't use SRP kx unless we have a + SRP credential too. */ + if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) + { + if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) + delete = 1; + } memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); |
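Review bot: The new `if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)` test hard-codes the two key exchanges that need a second credential, so the rule now lives both here and in the `cred_mappings` table the comment points to; a later kx that also needs two credentials would still be offered without an SRP-style check unless someone remembers to extend this condition. I would record that in the comment itself, e.g. by appending `Keep this list in sync with cred_mappings when a kx needs more than one credential type.` The lookup `_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)` passes `NULL` for its last argument and is used only as a presence test, so it appears to establish that an SRP credential is attached to the session, not that it is usable; that is presumably the same level of checking the certificate path gets, but it is worth confirming. `_gnutls_remove_unwanted_ciphersuites` starts and ends outside the hunk, so whether `delete` is already set when this block runs, and whether it is reached on both client and server, cannot be seen from here.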