before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-04-25 19:34:34 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-04-25 20:34:36 +0200
commit: a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7 (patch)
tree: c86821a14f0ef2c1189320b3cf5749d3ef301c81
parent: 1e013f4c660fa79c2398dbcfd4f0e054c724c5ec (diff)
download: gnutls-a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 6f3066e549..5ecc76a019 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -282,7 +282,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
 	    || priv->sign_algorithms_size == 0)
 		/* none set, allow SHA-1 only */
 	{
-		return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
+		ret = gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
+		if (_gnutls_session_sign_algo_enabled(session, ret) < 0)
+			goto fail;
+		return ret;
 	}
 
 	for (i = 0; i < priv->sign_algorithms_size; i++) {
@@ -301,6 +304,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
 		}
 	}
 
+ fail:
 	return GNUTLS_SIGN_UNKNOWN;
 }
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-04-25 19:34:34 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-04-25 20:34:36 +0200
commit	a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7 (patch)
tree	c86821a14f0ef2c1189320b3cf5749d3ef301c81
parent	1e013f4c660fa79c2398dbcfd4f0e054c724c5ec (diff)
download	gnutls-a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7.tar.gz