1 files changed, 35 insertions, 2 deletions

diff --git a/lib/ext/cert_types.h b/lib/ext/cert_types.h
index c54e0f2bfe..04e024d5db 100644
--- a/lib/ext/cert_types.h
+++ b/lib/ext/cert_types.h
@@ -26,11 +26,13 @@
 /* Maps IANA TLS Certificate Types identifiers to internal
  * certificate type representation.
  */
-static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
+static inline gnutls_certificate_type_t IANA2cert_type(int num)
 {
 	switch (num) {
 		case 0:
 			return GNUTLS_CRT_X509;
+		case 2:
+			return GNUTLS_CRT_RAWPK;
 		default:
 			return GNUTLS_CRT_UNKNOWN;
 	}
@@ -39,12 +41,43 @@ static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
 /* Maps internal certificate type representation to
  * IANA TLS Certificate Types identifiers.
  */
-static inline int _gnutls_cert_type2IANA(gnutls_certificate_type_t cert_type)
+static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
 {
 	switch (cert_type) {
 		case GNUTLS_CRT_X509:
 			return 0;
+		case GNUTLS_CRT_RAWPK:
+			return 2;
 		default:
 			return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 	}
 }
+
+/* Checks whether the given cert type is enabled in the application
+ */
+static inline bool is_cert_type_enabled(gnutls_session_t session, gnutls_certificate_type_t cert_type)
+{
+	switch(cert_type) {
+		case GNUTLS_CRT_X509:
+			// Default cert type, always enabled
+			return true;
+		case GNUTLS_CRT_RAWPK:
+			return session->internals.flags & GNUTLS_ENABLE_RAWPK;
+		default:
+			// When not explicitly supported here disable it
+			return false;
+	}
+}
+
+/* Checks whether alternative cert types (i.e. other than X.509)
+ * are enabled in the application
+ */
+static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
+{
+	// OR-ed list of defined cert type init flags
+	#define CERT_TYPES_FLAGS GNUTLS_ENABLE_RAWPK
+
+	return session->internals.flags & CERT_TYPES_FLAGS;
+
+	#undef CERT_TYPES_FLAGS
+}