diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-29 10:23:45 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-29 10:30:03 +0200 |
commit | 9466b800f03a91ef1538dc6f562d58b4607b88e6 (patch) | |
tree | 88385ec566a43015cd9598feb7b2d4ad3022e815 /tests/rehandshake-switch-cert-client-allow.c | |
parent | 96cca97371237e31e6c98d705cd31f6b3b268d25 (diff) | |
download | gnutls-9466b800f03a91ef1538dc6f562d58b4607b88e6.tar.gz |
handshake: enhance same certificate checks to apply to PSK/SRP username
That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake
clients will not be allowed to present another certificate than the original,
or change their username for PSK or SRP ciphersuites.
Diffstat (limited to 'tests/rehandshake-switch-cert-client-allow.c')
-rw-r--r-- | tests/rehandshake-switch-cert-client-allow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c index 62193e3479..c4b0bf38b8 100644 --- a/tests/rehandshake-switch-cert-client-allow.c +++ b/tests/rehandshake-switch-cert-client-allow.c @@ -75,7 +75,7 @@ static void try(void) gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_dh_params(serverx509cred, dh_params); - gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_CERT_CHANGE); + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); |