diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-17 08:32:09 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-01-03 16:23:33 +0100 |
| commit | d53d4ab80c7aad47a317d2465a8b11cb187e15bb (patch) | |
| tree | 91de0e427f63b8e59153e5f0b64cc9edc4d784c7 | |
| parent | 25645bd61e32ddba0fba49c2ed59bb09fe2cfce0 (diff) | |
| download | gnutls-d53d4ab80c7aad47a317d2465a8b11cb187e15bb.tar.gz | |
select_sign_algorithm: check KX type only on pre-TLS1.3
That, when selecting a certificate under TLS1.3, considers
the negotiated signature algorithms for compatibility with the
certificate to be selected.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/auth/cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index a82a43d3b4..9b9cd39c3c 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1254,7 +1254,7 @@ int select_sign_algorithm(gnutls_session_t session, gnutls_sign_algorithm_t algo; const version_entry_st *ver = get_version(session); - if (_gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) + if (!ver->tls13_sem && _gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) return 0; if (!_gnutls_version_has_selectable_sighash(ver)) { |