diff options
Diffstat (limited to 'lib/algorithms/ciphersuites.c')
-rw-r--r-- | lib/algorithms/ciphersuites.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 063363b5bf..ef31a05afd 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -1482,6 +1482,13 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session, if (!kx_is_ok(session, kx, cred_type, &sgroup)) continue; + /* if we have selected PSK, we need a ciphersuites which matches + * the selected binder */ + if (session->internals.hsk_flags & HSK_PSK_SELECTED) { + if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf) + continue; + } + if (cred_type == GNUTLS_CRD_CERTIFICATE) { ret = _gnutls_server_select_cert(session, peer_clist->entry[i]); if (ret < 0) { @@ -1520,6 +1527,13 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session, if (!kx_is_ok(session, kx, cred_type, &sgroup)) break; + /* if we have selected PSK, we need a ciphersuites which matches + * the selected binder */ + if (session->internals.hsk_flags & HSK_PSK_SELECTED) { + if (session->key.proto.tls13.binder_prf->id != session->internals.priorities->cs.entry[j]->prf) + break; + } + if (cred_type == GNUTLS_CRD_CERTIFICATE) { ret = _gnutls_server_select_cert(session, peer_clist->entry[i]); if (ret < 0) { |