authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-11 22:00:56 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-11 22:00:58 +0100
commit4852d9b8ee67a24e0eb282559cfbbdc1ff7c1de1 (patch)
tree7da0803088a61c0daa02f59c3a4dbfd67f6c4108
parent16200f09e69f4cdf23278812898ef9989ee7307a (diff)
downloadgnutls-4852d9b8ee67a24e0eb282559cfbbdc1ff7c1de1.tar.gz
Only check PK compatibility in client side but also when using openpgp certs.
-rw-r--r--lib/auth/cert.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index f78b68473d..7ccba6e108 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -986,6 +986,9 @@ int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey)
unsigned req_cert_pk;
unsigned kx;
+ if (session->security_parameters.entity != GNUTLS_CLIENT)
+ return 0;
+
cert_pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
if (cert_pk == GNUTLS_PK_UNKNOWN) {
gnutls_assert();
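Review bot: The early return for non-client sessions sits ahead of the `cert_pk == GNUTLS_PK_UNKNOWN` rejection, so on a server a peer key with an unrecognised algorithm now passes this function too, not only the key-exchange comparison the commit title refers to. If only the kx/PK match is meant to be client-only, keep the unknown-algorithm check unconditional and move `if (session->security_parameters.entity != GNUTLS_CLIENT) return 0;` below that block. Whether another path rejects such keys on the server is not visible here, because the body of check_pk_compat continues past the hunk. A one-line comment above the guard saying why the check is skipped for servers would also help the next reader.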
@@ -1309,6 +1312,12 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session,
NULL);
}
+ ret = check_pk_compat(session, peer_certificate_list[0].pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
ret =
copy_certificate_auth_info(info,
peer_certificate_list, 1, subkey_id);
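Review bot: The added call reads `peer_certificate_list[0].pubkey`, but the import that fills that entry ends above the hunk (`NULL); }`), so it cannot be confirmed from here that a failed import is rejected before this line runs. Please verify that, and that the `cleanup` label (also outside the hunk) releases the imported entry on this new error path. Since check_pk_compat now returns 0 for non-client sessions, a short comment above the call such as `/* client side: the server key must match the negotiated key exchange */` would make clear when it is a no-op.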