diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-25 11:13:23 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:23:49 +0200 |
| commit | 0569802b35fc97fbd02a76e8e2ce1ac663a3f2cd (patch) | |
| tree | 71dcf6fdd2f921e4386d9552eabb3bbdd99be1aa | |
| parent | 2e9ef4138440832d5cb39c47d021f882bf15a25e (diff) | |
| download | gnutls-0569802b35fc97fbd02a76e8e2ce1ac663a3f2cd.tar.gz | |
ext/signature: accept compatible algorithms with PK
That is instead of using a 1-1 mapping of signature algorithms
to public key algorithms, use gnutls_sign_supports_pk_algorithm()
to determine whether algorithms match. That way we can allow
GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS
keys.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/ext/signature.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c index e5f1874fd0..e546dccb67 100644 --- a/lib/ext/signature.c +++ b/lib/ext/signature.c @@ -299,8 +299,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, } for (i = 0; i < priv->sign_algorithms_size; i++) { - if (gnutls_sign_get_pk_algorithm(priv->sign_algorithms[i]) - == cert_algo) { + if (gnutls_sign_supports_pk_algorithm(priv->sign_algorithms[i], cert_algo) != 0) { if (_gnutls_pubkey_compatible_with_sig (session, cert->pubkey, ver, priv->sign_algorithms[i]) < 0) |