diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-04-25 19:34:34 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-04-25 20:34:36 +0200 |
commit | a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7 (patch) | |
tree | c86821a14f0ef2c1189320b3cf5749d3ef301c81 | |
parent | 1e013f4c660fa79c2398dbcfd4f0e054c724c5ec (diff) | |
download | gnutls-a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7.tar.gz |
before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled
-rw-r--r-- | lib/ext/signature.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c index 6f3066e549..5ecc76a019 100644 --- a/lib/ext/signature.c +++ b/lib/ext/signature.c @@ -282,7 +282,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, || priv->sign_algorithms_size == 0) /* none set, allow SHA-1 only */ { - return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1); + ret = gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1); + if (_gnutls_session_sign_algo_enabled(session, ret) < 0) + goto fail; + return ret; } for (i = 0; i < priv->sign_algorithms_size; i++) { @@ -301,6 +304,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, } } + fail: return GNUTLS_SIGN_UNKNOWN; } |