author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-30 00:04:00 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-04-30 00:04:00 +0000 |
commit | 5920ff8dfa65e3b0ad931cdb977cb2d9912b3cd0 (patch) | |
tree | ec238d737d4dce63c960a2577116dfe8bb3e1411 /lib | |
parent | c6a615c3fd1e6a6b2ab5268585cffc78a3e56432 (diff) | |
Fixes in the automatic disabling of certificate types.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ext_cert_type.c | 7 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 1 | ||||
-rw-r--r-- | lib/gnutls_state.c | 22 |
3 files changed, 17 insertions, 13 deletions
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index ba2998ff00..97e769d0e7 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -98,7 +98,12 @@ int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, s
 if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) {
 gnutls_assert();
- return ret;
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
 }
 _gnutls_session_cert_type_set( session, new_type);
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 344ae964d4..3919befb56 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -248,7 +248,6 @@ int _gnutls_selected_cert_supported_kx( gnutls_session session, gnutls_kx_algori
 int i;
 if (session->internals.selected_cert_list_length == 0) {
- gnutls_assert();
 *alg_size = 0;
 *alg = NULL;
 return 0;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 352d13104b..8fe59a4bfb 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
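Review bot: The `< 0` branch in `_gnutls_cert_type_recv_params()` now turns every negative return of `_gnutls_session_cert_type_supported()` into success, not only the unsupported-type case that the new comment describes. Adding `if (ret != GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE) return ret;` ahead of `return 0;` would keep any other failure visible to the caller. Because `_gnutls_session_cert_type_set()` is skipped on this path, the session keeps whatever certificate type it had before, so correctness depends on the later ciphersuite selection refusing certificate suites; that code is outside this hunk and the comment could name it explicitly (and `procceed` should read `proceed`). The function starts and ends outside the hunk.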
@@ -117,25 +117,25 @@ int _gnutls_session_cert_type_supported( gnutls_session session,
 {
 uint i;
 uint cert_found = 0;
-
- const gnutls_certificate_credentials cred;
+const gnutls_certificate_credentials cred;
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
-
- if (session->security_parameters.entity==GNUTLS_SERVER &&
- cred != NULL) {
+ if (session->security_parameters.entity==GNUTLS_SERVER) {
+ cred =
+ _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+ if (cred == NULL)
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 for (i = 0; i < cred->ncerts; i++) {
 if (cred->cert_list[i][0].cert_type == cert_type) {
 cert_found = 1;
 break;
 }
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 }
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 } |
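Review bot: In `_gnutls_session_cert_type_supported()`, `cred` is still declared `const` at the top without an initializer and is now assigned only inside the `GNUTLS_SERVER` branch. Declaring it at the start of that branch with its initializer, `const gnutls_certificate_credentials cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);`, avoids assigning to a const-qualified name and keeps it out of scope on the client path. The relocated `if (cert_found == 0)` has a comment between the condition and its unbraced `return`; braces would make it harder for a later edit to detach the return from the check. The loop reads `cred->cert_list[i][0]` with no visible per-chain length check, so it presumably relies on credentials never holding an empty chain, which is worth a comment or a guard. The function body continues past the end of the hunk.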