authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-09-23 08:37:50 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-09-24 10:34:03 +0200
commit65d13648cd88d4cd7383c0d257ef30ddcafb995b (patch)
treee58e10a9861a187f6a2b1b19f7e9a299aacc41a4
parenta9601277ae361ed060eb99397e05ba793361feae (diff)
signature: on client side, only select a non-enabled signature if none matchgnutls_3_5_x-sig-fix
That amends commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4: "On client side allow signing with the signature algorithm of our cert That allows to sign for example with DSA-SHA1 as client even if we do not allow DSA-SHA1 as signature algorithm for server's certificate. This allows to use a deprecated certificate without enabling deprecated algorithms globally." Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--lib/ext/signature.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 96b97cef94..f7bec7c4f5 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -272,6 +272,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
sig_ext_st *priv;
extension_priv_data_t epriv;
unsigned int cert_algo;
+ gnutls_sign_algorithm_t saved_sigalgo = 0;
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_SIGN_UNKNOWN);
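Review bot: The new local is initialised with a bare `0` and later tested as a boolean (`!saved_sigalgo` in the second hunk, `saved_sigalgo` in the third), which only works because the "unknown" enumerator is zero. Spelling it `gnutls_sign_algorithm_t saved_sigalgo = GNUTLS_SIGN_UNKNOWN;` and comparing against `GNUTLS_SIGN_UNKNOWN` in the two tests would make the sentinel explicit and match the value the function already returns on failure. The function body starts and ends outside this hunk.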
@@ -301,7 +302,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
priv->sign_algorithms[i]) < 0)
continue;
- if (!client_cert && _gnutls_session_sign_algo_enabled
+ if (client_cert && !saved_sigalgo)
+ saved_sigalgo = priv->sign_algorithms[i];
+
+ if (_gnutls_session_sign_algo_enabled
(session, priv->sign_algorithms[i]) < 0)
continue;
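Review bot: The fallback candidate is recorded before `_gnutls_session_sign_algo_enabled` is consulted, and only the first compatible entry of `priv->sign_algorithms` is kept, so the choice among locally disabled algorithms follows the order of that array rather than any local preference. If that array holds the peer's advertised list (not visible in this hunk), the peer's ordering decides which disabled algorithm ends up being used. This deserves a comment at the assignment, for example `/* last-resort fallback: first compatible algorithm in list order, possibly disabled by our priorities */`, so the policy exception is visible where it is made. The loop and the check that precedes this code start outside the hunk.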
@@ -309,6 +313,12 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
}
}
+ /* When having a legacy client certificate which can only be signed
+ * using algorithms we don't always enable by default (e.g., DSA-SHA1),
+ * continue and sign with it. */
+ if (client_cert && saved_sigalgo)
+ return saved_sigalgo;
+
fail:
return GNUTLS_SIGN_UNKNOWN;
}
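Review bot: The fallback `return saved_sigalgo;` hands back an algorithm that failed the session's enabled check without leaving any trace, so an operator cannot tell from the logs that a handshake signed with an algorithm the priorities exclude. A handshake log line just before the return would make the exception auditable, e.g. `_gnutls_handshake_log("HSK[%p]: client certificate forces non-enabled signature algorithm %s\n", session, gnutls_sign_algorithm_get_name(saved_sigalgo));`. The comment's wording could also be tightened, since it is the certificate's key that signs rather than the certificate that is "signed", e.g. "a legacy client certificate whose key can only sign with algorithms we do not enable by default". Note that the paths jumping to `fail:` skip this fallback, which looks intended but is worth stating in the comment.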