authorSimon Josefsson <simon@josefsson.org>2007-02-06 15:33:22 +0000
committerSimon Josefsson <simon@josefsson.org>2007-02-06 15:33:22 +0000
commit9b157a69e7d3addffa726e7fa3b3d2d0523ea517 (patch)
tree6838273eb33b10205c5bdd9949e51d68d5553dd8
parent02c8eade21ad27f8cc24f1af3a99eb6a5c30dc8f (diff)
(_gnutls_remove_unwanted_ciphersuites): Remove GNUTLS_KX_SRP_RSA or
GNUTLS_KX_SRP_DSS if there is no SRP credential.
-rw-r--r--lib/gnutls_handshake.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 5c318f5a15..89afcc7fa4 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -2782,7 +2782,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
delete = check_server_params (session, kx, alg, alg_size);
}
-
+ /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
+ (see cred_mappings in gnutls_algorithms.c), but it also
+ requires a SRP credential. Don't use SRP kx unless we have a
+ SRP credential too. */
+ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
+ {
+ if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
+ delete = 1;
+ }
memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);