handshake: do not overwrite the server's signature algorithm

That is, correct a bug under which a client sending a certificate would overwrite the server's idea about the used signature algorithm. Reported by Hubert Kario.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-13 13:59:02 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-13 13:59:04 +0200
commit: d57b99ad0455dab974c89e7fffb6717e870e519f (patch)
tree: fdea6518a2e3b324e4b61c7462c0a3f2befa4987 /lib/tls-sig.c
parent: 110fbc28191ee0fe2b2bfaea7696c2c5e9ea646d (diff)
download: gnutls-d57b99ad0455dab974c89e7fffb6717e870e519f.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index f51966aa3e..f5f470afb9 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -260,7 +260,8 @@ verify_tls_hash(gnutls_session_t session,
 		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
-	gnutls_sign_algorithm_set_server(session, sign_algo);
+	if (session->security_parameters.entity == GNUTLS_CLIENT)
+		gnutls_sign_algorithm_set_server(session, sign_algo);
 
 	ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
 					 &vdata, signature);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-13 13:59:02 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-13 13:59:04 +0200
commit	d57b99ad0455dab974c89e7fffb6717e870e519f (patch)
tree	fdea6518a2e3b324e4b61c7462c0a3f2befa4987 /lib/tls-sig.c
parent	110fbc28191ee0fe2b2bfaea7696c2c5e9ea646d (diff)
download	gnutls-d57b99ad0455dab974c89e7fffb6717e870e519f.tar.gz