The library notifies the application on empty and illegal SRP usernames,

so that proper notification (via an alert) is sent to the peer. Currently when
the SRP ciphersuite is advertized but no username is sent by the peer, the
library returns GNUTLS_E_EMPTY_SRP_USERNAME, and the alert associated with
this is GNUTLS_A_ACCESS_DENIED (to be changed when the srp draft defines something
more appropriate).

3 files changed, 5 insertions, 2 deletions

diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index e7d8269451..b3060dc469 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -140,6 +140,10 @@ int _level = -1;
 			ret = GNUTLS_A_BAD_RECORD_MAC;
 			_level = GNUTLS_AL_FATAL;
 			break;
+		case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+			ret = GNUTLS_A_ACCESS_DENIED;
+			_level = GNUTLS_AL_FATAL;
+			break;
 		case GNUTLS_E_DECOMPRESSION_FAILED:
 			ret = GNUTLS_A_DECOMPRESSION_FAILURE;
 			_level = GNUTLS_AL_FATAL;
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index a62de07565..becdd87505 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -1,4 +1,4 @@
-int gnutls_clear_creds( gnutls_session session);
+void gnutls_credentials_clear( gnutls_session session);
 int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type, void* cred);
 const void *_gnutls_get_cred( GNUTLS_KEY key, gnutls_credentials_type kx, int* err);
 const void *_gnutls_get_kx_cred( gnutls_session session, gnutls_kx_algorithm algo, int *err);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 506dab7104..54ef95434b 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2325,7 +2325,6 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
 	if (cert == NULL) {
 		/* No certificate was found 
 		 */
-		gnutls_assert();
 		alg_size = 0;
 		alg = NULL;
 	} else {