author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-11 11:55:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 13:54:42 +0200 |
commit | c63d58f962b0e2c3b522e49279516d713b3b5925 (patch) | |
tree | 453e9013f90b2155559f338b767d02c60883cbcc /lib/tls-sig.c | |
parent | b9f8a51fca7552be88efa8789ed504ae415106d1 (diff) | |
download | gnutls-c63d58f962b0e2c3b522e49279516d713b3b5925.tar.gz |

handshake: select a signature algorithm early

That is, select the signature algorithm at the point the certificate and
ciphersuites are decided. Also ensure that a compatible signature algorithm
with the ciphersuite and the key is selected.

That prevents situations where a ciphersuite and a certificate are
negotiated, but later on the handshake we figure that there are no
common signature algorithms.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r-- | lib/tls-sig.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 4ebab54f88..95a7b3ea64 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -175,14 +175,12 @@ _gnutls_handshake_sign_data(gnutls_session_t session, unsigned key_usage = 0; int ret; - *sign_algo = _gnutls_session_get_sign_algo(session, cert, 0); + *sign_algo = session->security_parameters.server_sign_algo; if (*sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; } - gnutls_sign_algorithm_set_server(session, *sign_algo); - gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); ret = check_key_usage_for_sig(session, key_usage, 1); |
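
Review bot: The new assignment `*sign_algo = session->security_parameters.server_sign_algo;` in `_gnutls_handshake_sign_data` no longer consults `cert`, so nothing in this function ties the stored algorithm to the key that is about to sign; the only remaining guard is the `GNUTLS_SIGN_UNKNOWN` check. Since `cert` is still passed in and used for `gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage)`, consider either asserting here that the stored algorithm is compatible with `cert->pubkey`, or adding a comment that states where `server_sign_algo` is populated and that callers must pass the same certificate the early selection was made against. It would also help to document that the `GNUTLS_SIGN_UNKNOWN` branch now means the early selection never ran or found nothing, because returning `GNUTLS_E_UNWANTED_ALGORITHM` in that case reads differently than it did when the lookup happened on this line. The diffstat is limited to `lib/tls-sig.c`, so the code that sets the field is not visible for review here.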