diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-17 08:32:09 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:36 +0100 |
| commit | e4e81da862e90920f70cfb4a5cd49883a6848452 (patch) | |
| tree | 584c9cc2f0aa3ca3ae436bc5c6cf687ecda59ea2 | |
| parent | 020646620ab0100be89f954a743ee36024a9df88 (diff) | |
| download | gnutls-e4e81da862e90920f70cfb4a5cd49883a6848452.tar.gz | |
select_sign_algorithm: check KX type only on pre-TLS1.3
That, when selecting a certificate under TLS1.3, considers
the negotiated signature algorithms for compatibility with the
certificate to be selected.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/auth/cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index a82a43d3b4..9b9cd39c3c 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1254,7 +1254,7 @@ int select_sign_algorithm(gnutls_session_t session, gnutls_sign_algorithm_t algo; const version_entry_st *ver = get_version(session); - if (_gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) + if (!ver->tls13_sem && _gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) return 0; if (!_gnutls_version_has_selectable_sighash(ver)) { |