authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-10 12:12:25 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-10 12:15:52 +0100
commit2a65cc520cf4688863cf1c002c01f2611a3084a8 (patch)
tree3d3fe3dfb2587026bf7733affb4e380494321d20
parentc9417cbaecc9480d42b9c6632ad0f61c85a2d800 (diff)
downloadgnutls-2a65cc520cf4688863cf1c002c01f2611a3084a8.tar.gz
When setting up TLS with cert-type OpenPGP from a client,
the server verifies whether it supports the extension’s contents in _gnutls_session_cert_type_supported(). This function checks for cred->get_cert_callback but not cred->get_cert_callback2. As a result, servers set up with an OpenPGP certificate credential callback through gnutls_certificate_set_retrieve_function2() are unable to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein.
-rw-r--r--lib/gnutls_state.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d9bd04fd31..35bdf00da7 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -190,7 +190,8 @@ _gnutls_session_cert_type_supported(gnutls_session_t session,
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
if (cred->server_get_cert_callback == NULL
- && cred->get_cert_callback == NULL) {
+ && cred->get_cert_callback == NULL
+ && cred->get_cert_callback2 == NULL) {
for (i = 0; i < cred->ncerts; i++) {
if (cred->certs[i].cert_list[0].type ==
cert_type) {
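Review bot: The three-way NULL test ending at `&& cred->get_cert_callback2 == NULL) {` carries no comment explaining why a registered retrieval callback skips the `cred->certs` scan, and that unstated rule is presumably how `get_cert_callback2` came to be missed here. I would add above the `if`: `/* The static cert list is only authoritative when no retrieval callback is registered; otherwise the callback chooses the certificate. */`. If other call sites test the same set of callback fields (not visible in this hunk), a small static helper that answers "is any retrieval callback set" would keep them in step when another variant is added. The branch taken when a callback is present lies outside the hunk, so it is worth confirming there that a certificate type the callback cannot actually supply ends in a clean handshake failure and not a fallback to an unintended credential. The function body starts and ends outside the hunk.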