author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-20 13:47:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-04 11:31:27 +0200 |
commit | 79f02a288d1dd6c2c4cdb4a7b2307fe643fe9a33 (patch) | |
tree | c14b4ee18b0d15d45f0a01e57f88086f0dc90d5a | |
parent | 9f90ea9b61ee0e27d25d43e9b34680f8099538b2 (diff) | |
_gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated
That is, if we are performing PSK under TLS1.3, don't bother
checking whether the certificate is compatible with the ciphersuite;
there isn't any.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms/ciphersuites.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ef31a05afd..dbfcbb0c90 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1487,9 +1487,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
 if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf)
 continue;
- }
-
- if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ } else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
 ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
 if (ret < 0) {
 /* couldn't select cert with this ciphersuite */
@@ -1532,9 +1530,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
 if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf)
 break;
- }
-
- if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ } else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
 ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
 if (ret < 0) {
 /* couldn't select cert with this ciphersuite */ |
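Review bot: The new `else if` in both hunks (the `continue` loop at -1487 and the `break` loop at -1532) skips `_gnutls_server_select_cert()` whenever `HSK_PSK_SELECTED` is set, but nothing visible in these lines ties that flag to TLS 1.3, which is the only case the commit message argues for. If the flag can only be set during TLS 1.3 PSK negotiation, a comment on the branch would make that invariant explicit, e.g. `/* TLS1.3 PSK: no certificate is sent, only the binder PRF has to match */`. If it can be set on any other path, the condition should also test the negotiated version, so that a certificate-based ciphersuite is never accepted without a selected certificate. The same block is duplicated in the two loops, so the comment (or a small static helper) should cover both. The body of _gnutls_figure_common_ciphersuite starts and ends outside these hunks, so the surrounding credential checks are not visible here.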