author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-20 13:47:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-03 11:29:59 +0200 |
commit | adbbf39a2b68424cd2d29017957d406e9a03ae3f (patch) | |
tree | c3280a18fcf6df37334b0db46104efcc9292bee3 | |
parent | 23e4e1fb13914aaf982321f41120c8abcd330b18 (diff) | |
download | gnutls-adbbf39a2b68424cd2d29017957d406e9a03ae3f.tar.gz |
_gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated
That is, if we are performing PSK under TLS1.3, don't bother
checking whether the certificate is compatible with the ciphersuite;
there isn't any.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms/ciphersuites.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ef31a05afd..dbfcbb0c90 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1487,9 +1487,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
 if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf)
 continue;
- }
-
- if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ } else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
 ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
 if (ret < 0) {
 /* couldn't select cert with this ciphersuite */
@@ -1532,9 +1530,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
 if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf)
 break;
- }
-
- if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ } else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
 ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
 if (ret < 0) {
 /* couldn't select cert with this ciphersuite */ |
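Review bot: The new `} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {` in both hunks (the loop at -1487 and the one at -1532) makes `HSK_PSK_SELECTED` the only gate on whether `_gnutls_server_select_cert()` runs, and nothing at the branch records that invariant. The hunks do not show where the flag is set, so it is presumably raised only after a TLS 1.3 PSK has been accepted; that should be confirmed, because the PSK arm also dereferences `session->key.proto.tls13.binder_prf` unconditionally. I would add above the `if` in each loop a comment such as `/* TLS 1.3 PSK selected: only the binder PRF must match; no certificate is selected or checked for this ciphersuite */`. Since the same three-line test now appears twice, a small static helper would keep the two loops from drifting apart. The body of `_gnutls_figure_common_ciphersuite` starts and ends outside both hunks.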