diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-20 21:07:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-20 21:07:38 +0200 |
commit | 14cdffd508a834f0df1935732455c40432ad36b0 (patch) | |
tree | 59b85698dc8580cc93b86affe67d3f598882962d /lib/gnutls_handshake.c | |
parent | 48b9a6905e347e8d88ee724ccdfd57239d60da8f (diff) | |
download | gnutls-14cdffd508a834f0df1935732455c40432ad36b0.tar.gz |
client side ECC fixes.
Diffstat (limited to 'lib/gnutls_handshake.c')
-rw-r--r-- | lib/gnutls_handshake.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 0e11c2fcd1..759987463d 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -3344,6 +3344,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, if (server) delete = check_server_params (session, kx, alg, alg_size); } + + /* If we have not agreed to a common curve with the peer don't bother + * negotiating ECDH. + */ + if (session->security_parameters.entity == GNUTLS_SERVER && (kx == GNUTLS_KX_ANON_ECDH)) + { + if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID) + delete = 1; + } /* These two SRP kx's are marked to require a CRD_CERTIFICATE, (see cred_mappings in gnutls_algorithms.c), but it also |