Improved TLS 1.2 support. Added support for the SignatureAlgorithm extension

as well for the SignatureAlgorithm in certificate request. Limitation for TLS 1.2 clients: Only SHA1 or SHA256 are supported for generating signatures in certificate verify message. That is to avoid storing all handshake messages in memory. To be reconsidered in the future.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-11-01 02:54:08 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-11-01 02:54:08 +0200
commit: 6773d2ddb01d86fa283ce154b419e989916ab3f7 (patch)
tree: c3e38318016acfd0c50c8a4f6d694f5aa6d6f08a /lib/gnutls_x509.c
parent: 9a262d093744f37b26f45c4e74d22f3a5a425211 (diff)
download: gnutls-6773d2ddb01d86fa283ce154b419e989916ab3f7.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 4ee09841a5..ab7e44709f 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -159,6 +159,14 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
 	  return ret;
 	}
 
+      
+      if (ret < 0)
+        {
+          gnutls_assert();
+          CLEAR_CERTS;
+          return ret;
+        }
+
       ret = check_bits (peer_certificate_list[i], cred->verify_bits);
       if (ret < 0)
 	{
@@ -171,6 +179,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
 
   /* Verify certificate 
    */
+  
   ret = gnutls_x509_crt_list_verify (peer_certificate_list,
 				     peer_certificate_list_size,
 				     cred->x509_ca_list, cred->x509_ncas,
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-11-01 02:54:08 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-11-01 02:54:08 +0200
commit	6773d2ddb01d86fa283ce154b419e989916ab3f7 (patch)
tree	c3e38318016acfd0c50c8a4f6d694f5aa6d6f08a /lib/gnutls_x509.c
parent	9a262d093744f37b26f45c4e74d22f3a5a425211 (diff)
download	gnutls-6773d2ddb01d86fa283ce154b419e989916ab3f7.tar.gz