diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-20 19:45:20 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-20 19:45:20 +0200 |
commit | 1a02ec18e9e39f82cee7f9cff74e1f1574bac472 (patch) | |
tree | 34ac890b66df56a45e7c16bb2861b7bc860c1068 /lib/auth/cert.c | |
parent | 8d328d1a17fc98073a55d94b7de17e55987494ef (diff) | |
download | gnutls-1a02ec18e9e39f82cee7f9cff74e1f1574bac472.tar.gz |
Eliminated the need for sign_algo in gnutls_pcert_st. This means
that we don't follow RFC5246 by letter, but there wasn't any other
implementation using the sign_algorithm part of the certificate
selection, and this helps reduce complexity.
Diffstat (limited to 'lib/auth/cert.c')
-rw-r--r-- | lib/auth/cert.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 275e9bf40b..39cf8edbd0 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1121,14 +1121,6 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, goto cleanup; } - ret = _gnutls_session_sign_algo_enabled (session, - peer_certificate_list[j].sign_algo); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - p += len; } @@ -2086,11 +2078,7 @@ _gnutls_server_select_cert (gnutls_session_t session, */ /* *INDENT-OFF* */ if (session->security_parameters.cert_type == cred->cert_list[i][0].type - && (cred->cert_list[i][0].type == GNUTLS_CRT_OPENPGP - || /* FIXME: make this a check for certificate - type capabilities */ - _gnutls_session_sign_algo_requested - (session, cred->cert_list[i][0].sign_algo) == 0)) + && (cred->cert_list[i][0].type == GNUTLS_CRT_OPENPGP)) { idx = i; break; |