more srp related fixes. No longer fails authentication if wrong username

is provided.

1 files changed, 15 insertions, 11 deletions

diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index 14c43c6a4b..3b5222bcc0 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -24,10 +24,12 @@
 #include "auth_srp.h"
 
 int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
-	if (data_size > 0) {
-		state->gnutls_key->username = gnutls_malloc(data_size+1);
-		memcpy(state->gnutls_key->username, data, data_size);
-		state->gnutls_key->username[data_size]=0; /* null terminated */
+	if (state->security_parameters.entity == GNUTLS_SERVER) {
+		if (data_size > 0) {
+			state->gnutls_key->username = gnutls_malloc(data_size+1);
+			memcpy(state->gnutls_key->username, data, data_size);
+			state->gnutls_key->username[data_size]=0; /* null terminated */
+		}
 	}
 	return 0;
 }
@@ -36,16 +38,18 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si
  * data is allocated localy
  */
 int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
-	/* this functions sends the server extension data */
-SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP);
+	/* this function sends the client extension data (username) */
+	if (state->security_parameters.entity == GNUTLS_CLIENT) {
+		SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP);
 
-	(*data) = NULL;
+		(*data) = NULL;
 
-	if (cred==NULL) return 0;
+		if (cred==NULL) return 0;
 
-	if (cred->username!=NULL) { /* send username */
-		(*data) = strdup( cred->username);
-		return strlen( cred->username);
+		if (cred->username!=NULL) { /* send username */
+			(*data) = strdup( cred->username);
+			return strlen( cred->username);
+		}
 	}
 	return 0;
 }