authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-04 08:27:10 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-10-16 09:04:53 +0200
commitba87e9391002aa7c2bad9adb9e005f817f6f613e (patch)
tree450a8936716281baa5918a62b34f2d96a76bccc2
parent8dd5b32b5a1a709d90bced2959b80a16af66389f (diff)
_gnutls_server_select_cert: return error when no server cert is selectedtmp-auto-reauth
When a certificate callback is used and no certificate is provided by it, return an error rather than trying to use it (and crashing) later. Note that this affects only an "illegal" code path when a server would have provided no certificate, something which must not happen on a real-world server. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/auth/cert.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 069968c5d3..61a55f0745 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1338,12 +1338,14 @@ _gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_e
* use it and leave. We make sure that this is called once.
*/
if (cred->get_cert_callback3) {
-
if (session->internals.selected_cert_list_length == 0) {
ret = call_get_cert_callback(session, NULL, 0, NULL, 0);
if (ret < 0)
return gnutls_assert_val(ret);
+ if (session->internals.selected_cert_list_length == 0)
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
_gnutls_debug_log("Selected (%s) cert\n",
gnutls_pk_get_name(session->internals.selected_cert_list[0].pubkey->params.algo));
}
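Review bot: The added check `if (session->internals.selected_cert_list_length == 0)` rejects an empty list, but the `_gnutls_debug_log` call directly below it still dereferences `selected_cert_list[0].pubkey->params.algo` without testing `pubkey`. Whether call_get_cert_callback guarantees a non-NULL `pubkey` on every entry it stores is not visible in this hunk; if it does not, a callback that supplies a certificate entry without a public key would reach the same kind of NULL dereference, and a guard such as `if (session->internals.selected_cert_list[0].pubkey == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);` before the log call would cover it. A short comment above the new check, e.g. `/* the callback may succeed without setting any certificate */`, would record why the length is tested again after a successful return. The diffstat lists only lib/auth/cert.c, so a regression test using a certificate callback that returns success with no certificate would help keep this path from crashing again. The body of _gnutls_server_select_cert starts outside this hunk.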
@@ -1352,9 +1354,8 @@ _gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_e
&session->internals.selected_cert_list[0],
session->internals.selected_key,
cs);
- if (ret < 0) {
+ if (ret < 0)
return gnutls_assert_val(ret);
- }
return 0;
}