authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-10 12:12:25 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-10 12:15:07 +0100
commite887805a9465f803a1c8682fa16f8f2b9066bce8 (patch)
treee5d3dd1bf40f7577d0cf3c893b25b2d8b8dc5779 /lib/gnutls_state.c
parent9e949882286d4e83de8c0e0c5ffb91d014fae71b (diff)
When setting up TLS with cert-type OpenPGP from a client,
the server checks whether it supports the extension’s contents in _gnutls_session_cert_type_supported(). This function checks for cred->get_cert_callback but not cred->get_cert_callback2. As a result, servers set up with an OpenPGP certificate credential callback via gnutls_certificate_set_retrieve_function2() are unable to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein.
Diffstat (limited to 'lib/gnutls_state.c')
-rw-r--r--lib/gnutls_state.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 18d657211e..5ca00a3680 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -190,7 +190,8 @@ _gnutls_session_cert_type_supported(gnutls_session_t session,
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
if (cred->server_get_cert_callback == NULL
- && cred->get_cert_callback == NULL) {
+ && cred->get_cert_callback == NULL
+ && cred->get_cert_callback2 == NULL) {
for (i = 0; i < cred->ncerts; i++) {
if (cred->certs[i].cert_list[0].type ==
cert_type) {
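Review bot: The three-pointer NULL test at `if (cred->server_get_cert_callback == NULL ...` now spells out "no retrieval callback is registered" by hand, which is the pattern that let `get_cert_callback2` be missed here in the first place. A comment above the condition would record the intent, for example `/* no retrieval callback of any kind: fall back to matching cert_type against the static cred->certs list */`. Other sites that test `cred->get_cert_callback` alone may carry the same omission and are worth checking, though none are visible in this hunk. The comment should also say what happens when a callback is set: presumably the type is accepted without inspection and the callback is trusted to return a certificate of the negotiated type. That branch lies outside the hunk, as does the rest of `_gnutls_session_cert_type_supported`.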