diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-05 14:58:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-05 14:58:16 +0100 |
commit | 555766063e08fc675b88e06560f79456c4ba4f24 (patch) | |
tree | dd7a58b86f55df35938dd0e919bb8b1586c688f4 | |
parent | cd9596adfd9348b4fab60e8613586597af4c9722 (diff) | |
download | gnutls-555766063e08fc675b88e06560f79456c4ba4f24.tar.gz |
Disable signature algorithms that are not supported for client certificate verification.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/ext_signature.c | 6 |
2 files changed, 8 insertions, 1 deletions
@@ -5,6 +5,9 @@ See the end for copying conditions. Version 2.12.15 (unreleased) +** libgnutls: Disable signature algorithms that are not supported +for client certificate verification. + ** libgnutls: Optimized DH generation process (ported from 3.0.x) ** API and ABI modifications: diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 48eb5358e3..e8d8560d39 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -127,7 +127,7 @@ int _gnutls_sign_algorithm_parse_data (gnutls_session_t session, const opaque * data, size_t data_size) { - int sig, i; + int sig, i, hash; sig_ext_st *priv; extension_priv_data_t epriv; @@ -150,6 +150,10 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, _gnutls_debug_log ("EXT[SIGA]: rcvd signature algo (%d.%d) %s\n", aid.hash_algorithm, aid.sign_algorithm, gnutls_sign_get_name(sig)); + hash = _gnutls_sign_get_hash_algorithm(sig); + if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256) + continue; + if (sig != GNUTLS_SIGN_UNKNOWN) { priv->sign_algorithms[priv->sign_algorithms_size++] = sig; |