diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-11-01 17:52:22 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-11-01 17:52:22 +0200 |
| commit | 3349e19bcf9f7289df22b450c283d7ca21278e16 (patch) | |
| tree | a17a9b6121ce3af4e30a9690842f4899aea920a2 /lib/auth_cert.c | |
| parent | 07dba24ea3c1fb0b808c79ec32c537cffcb7c741 (diff) | |
| download | gnutls-3349e19bcf9f7289df22b450c283d7ca21278e16.tar.gz | |
Do not check signature algorithms for certificate selection when using openpgp certificates.
Diffstat (limited to 'lib/auth_cert.c')
| -rw-r--r-- | lib/auth_cert.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index a3756336e9..d6373163dc 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -1921,8 +1921,12 @@ _gnutls_server_select_cert (gnutls_session_t session, { /* if cert type and signature algorithm matches */ - if (session->security_parameters.cert_type == - cred->cert_list[i][0].cert_type && _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0) + if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type && + (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP || /* FIXME: make this a check for + * certificate type capabilities + */ + !_gnutls_version_has_selectable_sighash (gnutls_protocol_get_version (session)) || + _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0)) { idx = i; break; |