author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-01-10 12:12:25 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-01-10 12:15:07 +0100 |
commit | e887805a9465f803a1c8682fa16f8f2b9066bce8 (patch) | |
tree | e5d3dd1bf40f7577d0cf3c893b25b2d8b8dc5779 /lib/gnutls_state.c | |
parent | 9e949882286d4e83de8c0e0c5ffb91d014fae71b (diff) | |
download | gnutls-e887805a9465f803a1c8682fa16f8f2b9066bce8.tar.gz |
When setting up TLS with cert-type OpenPGP from a client,
the server verifies if it supports the extension’s contents
in _gnutls_session_cert_type_supported(). This function
checks for cred->get_cert_callback but not cred->get_cert_callback2.
As a result, servers set up for OpenPGP certificate credential
callback with gnutls_certificate_set_retrieve_function2() are
unable to use the OpenPGP certificate type.
The solution is to consider cred->get_cert_callback2 alongside
cred->get_cert_callback in _gnutls_session_cert_type_supported().
Patch by Rick van Rein.
Diffstat (limited to 'lib/gnutls_state.c')
-rw-r--r-- | lib/gnutls_state.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 18d657211e..5ca00a3680 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -190,7 +190,8 @@ _gnutls_session_cert_type_supported(gnutls_session_t session, return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; if (cred->server_get_cert_callback == NULL - && cred->get_cert_callback == NULL) { + && cred->get_cert_callback == NULL + && cred->get_cert_callback2 == NULL) { for (i = 0; i < cred->ncerts; i++) { if (cred->certs[i].cert_list[0].type == cert_type) { |
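Review bot: The condition in `_gnutls_session_cert_type_supported()` now lists three callback fields by hand (`server_get_cert_callback`, `get_cert_callback`, `get_cert_callback2`), the same pattern that let `get_cert_callback2` be missed originally. Consider moving the test into one small helper or macro (for example a hypothetical `_gnutls_has_cert_callback(cred)`) so a later retrieval-callback variant only has to be added in one place. A short comment would also help, stating that the scan of `cred->certs` for a matching `cert_type` only applies when no callback is installed. A regression test that registers a callback through gnutls_certificate_set_retrieve_function2() and negotiates the OpenPGP certificate type would guard this path. No such test is visible in this diff, which is limited to lib/gnutls_state.c.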