diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-28 09:27:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 16:46:18 +0200 |
commit | 31cb0cac7d4f1d34a8c42d65817357ee24e4e0e8 (patch) | |
tree | 8aefefc7ec6e3fe66fdd4953304e7c6c9a7ce9bd /lib/tls-sig.c | |
parent | b05d57f6463e1f08c3fe14d4d2c1a556a68c0b47 (diff) | |
download | gnutls-31cb0cac7d4f1d34a8c42d65817357ee24e4e0e8.tar.gz |
prior to negotiating a signature check compatibility with private key
That is, check if the private key can support the public key operation
needed for the signature. That in particular includes, excluding the
Ed25519 and RSA-PSS from being used with the 'EXT' keys as the
current API cannot handle them, and RSA-PSS from being used by PKCS#11
RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism.
Relates #234
Resolves #209
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r-- | lib/tls-sig.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 95a7b3ea64..a452cdfb77 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -554,7 +554,7 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session, if (sign_algo == GNUTLS_SIGN_UNKNOWN || _gnutls_session_sign_algo_enabled(session, sign_algo) < 0) { - sign_algo = _gnutls_session_get_sign_algo(session, cert, 1); + sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1); if (sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; |