(_gnutls_gen_cert_server_cert_req): For TLS 1.2, generate conforming

cert requests (i.e., include a empty list of supported hashes). Report and tiny patch from ludovic.courtes@laas.fr (Ludovic Courtès).
author: Simon Josefsson <simon@josefsson.org> 2006-12-27 18:52:10 +0000
committer: Simon Josefsson <simon@josefsson.org> 2006-12-27 18:52:10 +0000
commit: d98793f0cb75cdff9b29d174a776ec14629ef403 (patch)
tree: c5b8f2f9d73806dc122dcba9e8e05cfdef8f984e /lib
parent: bd8712ce66c84d3a2e76f0f299e051c390fa6af8 (diff)
download: gnutls-d98793f0cb75cdff9b29d174a776ec14629ef403.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index b7f1f596c6..86dd3bdabe 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1403,6 +1403,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
   gnutls_certificate_credentials_t cred;
   int size;
   opaque *pdata;
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   /* Now we need to generate the RDN sequence. This is
    * already in the CERTIFICATE_CRED structure, to improve
@@ -1439,6 +1440,13 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
   pdata[2] = DSA_SIGN;		/* only these for now */
   pdata += CERTTYPE_SIZE;
 
+  if (ver == GNUTLS_TLS1_2)
+    {
+      /* Supported hashes (nothing for now -- FIXME). */
+      *pdata = 0;
+      pdata++, size++;
+    }
+
   if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
       session->internals.ignore_rdn_sequence == 0)
     {
author	Simon Josefsson <simon@josefsson.org>	2006-12-27 18:52:10 +0000
committer	Simon Josefsson <simon@josefsson.org>	2006-12-27 18:52:10 +0000
commit	d98793f0cb75cdff9b29d174a776ec14629ef403 (patch)
tree	c5b8f2f9d73806dc122dcba9e8e05cfdef8f984e /lib
parent	bd8712ce66c84d3a2e76f0f299e051c390fa6af8 (diff)
download	gnutls-d98793f0cb75cdff9b29d174a776ec14629ef403.tar.gz