authorLudovic Courtès <ludo@gnu.org>2007-08-01 23:18:58 +0200
committerSimon Josefsson <simon@josefsson.org>2007-08-02 20:35:57 +0200
commit10d8110588533e91d67960e058d696f12ee1065c (patch)
treeae42d5295e64dbefda57b4cf854e5e3bc765a91b /lib
parentd86f140d8547e32a7ada6a6d55de2f836e9b694c (diff)
downloadgnutls-10d8110588533e91d67960e058d696f12ee1065c.tar.gz
Fixed erroneous checks and sloppy return values in certificate selection.
* lib/auth_cert.c (_gnutls_get_selected_cert): Dereference APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating their value. (_gnutls_server_select_cert): When IDX < 0, set RET to `GNUTLS_E_INSUFFICIENT_CREDENTIALS'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_cert.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index f91c71c4b6..f0cb427205 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1483,8 +1483,8 @@ _gnutls_get_selected_cert (gnutls_session_t session,
*apr_pkey = session->internals.selected_key;
*apr_cert_list_length = session->internals.selected_cert_list_length;
- if (apr_cert_list_length == 0 || apr_pkey == NULL ||
- apr_cert_list == NULL)
+ if (*apr_cert_list_length == 0 || *apr_pkey == NULL ||
+ *apr_cert_list == NULL)
{
gnutls_assert ();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
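Review bot: The out-parameters are still written before this check, so on the `GNUTLS_E_INSUFFICIENT_CREDENTIALS` return the caller holds a zero `*apr_cert_list_length` and possibly NULL `*apr_pkey` / `*apr_cert_list`. The old condition tested the pointer arguments themselves, which had just been dereferenced, so this branch probably never fired before and callers may not have been exercised on it. It is worth confirming that every caller checks the return value before touching the outputs. I would document the contract above the `if`, for example `/* On failure the output parameters are set but must not be used. */`. The function body begins and continues outside the hunk.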
@@ -1763,6 +1763,9 @@ _gnutls_server_select_cert (gnutls_session_t session,
cred->cert_list_length[idx],
&cred->pkey[idx], 0);
}
+ else
+ /* Certificate does not support REQUESTED_ALGO. */
+ ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
return ret;
}
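Review bot: The new `else` branch sets the error without calling `gnutls_assert ()`, while the same error code in `_gnutls_get_selected_cert` (first hunk) is preceded by `gnutls_assert ();`. If that macro is the library's error-trace hook, as it appears to be, a failed server certificate selection is not recorded here. I would brace the branch and add the call: `else { gnutls_assert (); ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; }`. The `if` this pairs with is outside the hunk, but the commit message gives the condition as `IDX < 0`. The comment would therefore be more accurate saying that no certificate matched the requested algorithm.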