summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/ext/signature.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 96b97cef94..f7bec7c4f5 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -272,6 +272,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
sig_ext_st *priv;
extension_priv_data_t epriv;
unsigned int cert_algo;
+ gnutls_sign_algorithm_t saved_sigalgo = 0;
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_SIGN_UNKNOWN);
@@ -301,7 +302,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
priv->sign_algorithms[i]) < 0)
continue;
- if (!client_cert && _gnutls_session_sign_algo_enabled
+ if (client_cert && !saved_sigalgo)
+ saved_sigalgo = priv->sign_algorithms[i];
+
+ if (_gnutls_session_sign_algo_enabled
(session, priv->sign_algorithms[i]) < 0)
continue;
@@ -309,6 +313,12 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
}
}
+ /* When having a legacy client certificate which can only be signed
+ * using algorithms we don't always enable by default (e.g., DSA-SHA1),
+ * continue and sign with it. */
+ if (client_cert && saved_sigalgo)
+ return saved_sigalgo;
+
fail:
return GNUTLS_SIGN_UNKNOWN;
}
View Lorry Controller Status