diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-13 13:59:02 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-13 14:10:51 +0200 |
| commit | a64707030ea0b054ff1b6a09068ee17de1ca4652 (patch) | |
| tree | f673a52bfc148eb443c74cfb0051f8e16d666929 | |
| parent | 95f682816a31909bf97ff5467a5998024caef36f (diff) | |
| download | gnutls-a64707030ea0b054ff1b6a09068ee17de1ca4652.tar.gz | |
handshake: do not overwrite the server's signature algorithm
That is, correct a bug under which a client sending a certificate
would overwrite the server's idea about the used signature algorithm.
Reported by Hubert Kario.
| -rw-r--r-- | lib/gnutls_sig.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 4764e14ab4..ff2e0de3a3 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -249,7 +249,8 @@ verify_tls_hash(gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - gnutls_sign_algorithm_set_server(session, sign_algo); + if (session->security_parameters.entity == GNUTLS_CLIENT) + gnutls_sign_algorithm_set_server(session, sign_algo); ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags, &vdata, signature); |