From c33e6256c1a29feaa677b84d4b534d3e874846e8 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri, 23 Apr 2004 06:24:00 +0000
Subject: *** empty log message ***

---
 lib/auth_cert.c   | 5 ++++-
 lib/gnutls_cert.c | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index c31eea5b82..8d00996651 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -399,6 +399,9 @@ const gnutls_certificate_credentials cred;
 		return GNUTLS_E_INTERNAL_ERROR;
 	}
 	
+	if (st.ncerts == 0)
+		return 0; /* no certificate was selected */
+	
 	if (type != st.type) {
 		gnutls_assert();
 		ret = GNUTLS_E_INVALID_REQUEST;
@@ -411,7 +414,7 @@ const gnutls_certificate_credentials cred;
 			local_key = alloc_and_load_x509_key(st.key.x509);
 
 	} else { /* PGP */
-		if (st.ncerts != 1) {
+		if (st.ncerts > 1) {
 			gnutls_assert();
 			ret = GNUTLS_E_INVALID_REQUEST;
 			goto cleanup;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 3c78a21056..45d9081c66 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -329,7 +329,8 @@ void gnutls_certificate_server_set_request(gnutls_session session,
   * handshake, after the certificate request message has been received.
   *
   * The callback function should set the certificate list to be sent, and
-  * return 0 on success.  The value (-1) indicates error and the handshake
+  * return 0 on success. If no certificate was select then the number of certificates
+  * should be set to zero. The value (-1) indicates error and the handshake
   * will be terminated.
   **/
 void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credentials cred,
-- 
cgit v1.2.1