diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-11-01 02:54:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-11-01 02:54:08 +0200 |
commit | 6773d2ddb01d86fa283ce154b419e989916ab3f7 (patch) | |
tree | c3e38318016acfd0c50c8a4f6d694f5aa6d6f08a /lib/gnutls_x509.c | |
parent | 9a262d093744f37b26f45c4e74d22f3a5a425211 (diff) | |
download | gnutls-6773d2ddb01d86fa283ce154b419e989916ab3f7.tar.gz |
Improved TLS 1.2 support. Added support for the SignatureAlgorithm extension
as well for the SignatureAlgorithm in certificate request.
Limitation for TLS 1.2 clients:
Only SHA1 or SHA256 are supported for generating signatures in
certificate verify message. That is to avoid storing all handshake
messages in memory. To be reconsidered in the future.
Diffstat (limited to 'lib/gnutls_x509.c')
-rw-r--r-- | lib/gnutls_x509.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 4ee09841a5..ab7e44709f 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -159,6 +159,14 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, return ret; } + + if (ret < 0) + { + gnutls_assert(); + CLEAR_CERTS; + return ret; + } + ret = check_bits (peer_certificate_list[i], cred->verify_bits); if (ret < 0) { @@ -171,6 +179,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, /* Verify certificate */ + ret = gnutls_x509_crt_list_verify (peer_certificate_list, peer_certificate_list_size, cred->x509_ca_list, cred->x509_ncas, |