summaryrefslogtreecommitdiff
path: root/lib/gnutls_handshake.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-20 21:07:31 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-20 21:07:38 +0200
commit14cdffd508a834f0df1935732455c40432ad36b0 (patch)
tree59b85698dc8580cc93b86affe67d3f598882962d /lib/gnutls_handshake.c
parent48b9a6905e347e8d88ee724ccdfd57239d60da8f (diff)
downloadgnutls-14cdffd508a834f0df1935732455c40432ad36b0.tar.gz
client side ECC fixes.
Diffstat (limited to 'lib/gnutls_handshake.c')
-rw-r--r--lib/gnutls_handshake.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 0e11c2fcd1..759987463d 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -3344,6 +3344,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
if (server)
delete = check_server_params (session, kx, alg, alg_size);
}
+
+ /* If we have not agreed to a common curve with the peer don't bother
+ * negotiating ECDH.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER && (kx == GNUTLS_KX_ANON_ECDH))
+ {
+ if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID)
+ delete = 1;
+ }
/* These two SRP kx's are marked to require a CRD_CERTIFICATE,
(see cred_mappings in gnutls_algorithms.c), but it also