Do not output error if a server replies with a SignatureAlgorithms extension.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-11-01 14:57:24 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-11-01 14:57:24 +0200
commit: ac35cd8455b6043bdb2ddc1c46979d24b23a5bcf (patch)
tree: bdc4985b99f77110a5067ca50ca11d650d91139c /lib
parent: 5f3d02d6bd9f46568b89e19120e425d5e25dc11c (diff)
download: gnutls-ac35cd8455b6043bdb2ddc1c46979d24b23a5bcf.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 828c006d32..fec09df710 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -216,7 +216,11 @@ _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
     {
       /* nothing for now */
       gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET;
+      /* Although TLS 1.2 mandates that we must not accept reply
+       * to this message, there are good reasons to just ignore it. Check
+       * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
+       */
+      /* return GNUTLS_E_UNEXPECTED_PACKET; */
     }
   else
     {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-11-01 14:57:24 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-11-01 14:57:24 +0200
commit	ac35cd8455b6043bdb2ddc1c46979d24b23a5bcf (patch)
tree	bdc4985b99f77110a5067ca50ca11d650d91139c /lib
parent	5f3d02d6bd9f46568b89e19120e425d5e25dc11c (diff)
download	gnutls-ac35cd8455b6043bdb2ddc1c46979d24b23a5bcf.tar.gz