handshake: enhance same certificate checks to apply to PSK/SRP username

That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-29 10:23:45 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-29 10:30:03 +0200
commit: 9466b800f03a91ef1538dc6f562d58b4607b88e6 (patch)
tree: 88385ec566a43015cd9598feb7b2d4ad3022e815 /tests/rehandshake-switch-cert-client-allow.c
parent: 96cca97371237e31e6c98d705cd31f6b3b268d25 (diff)
download: gnutls-9466b800f03a91ef1538dc6f562d58b4607b88e6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c
index 62193e3479..c4b0bf38b8 100644
--- a/tests/rehandshake-switch-cert-client-allow.c
+++ b/tests/rehandshake-switch-cert-client-allow.c
@@ -75,7 +75,7 @@ static void try(void)
 	gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
 	gnutls_certificate_set_dh_params(serverx509cred, dh_params);
 
-	gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_CERT_CHANGE);
+	gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE);
 	gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
 	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
 			       serverx509cred);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-29 10:23:45 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-29 10:30:03 +0200
commit	9466b800f03a91ef1538dc6f562d58b4607b88e6 (patch)
tree	88385ec566a43015cd9598feb7b2d4ad3022e815 /tests/rehandshake-switch-cert-client-allow.c
parent	96cca97371237e31e6c98d705cd31f6b3b268d25 (diff)
download	gnutls-9466b800f03a91ef1538dc6f562d58b4607b88e6.tar.gz