Diffstat (limited to 'lib/auth')
-rw-r--r-- | lib/auth/cert.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 450f9f4d6f..e08e20bd77 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -204,7 +204,8 @@ static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
 * CAs and sign algorithms supported by the peer server.
 */
 static int
-find_x509_cert(const gnutls_certificate_credentials_t cred,
+find_x509_client_cert(gnutls_session_t session,
+ const gnutls_certificate_credentials_t cred,
 uint8_t * _data, size_t _data_size,
 const gnutls_pk_algorithm_t * pk_algos,
 int pk_algos_length, int *indx)
@@ -221,9 +222,10 @@ find_x509_cert(const gnutls_certificate_credentials_t cred,
 /* If peer doesn't send any issuers and we have a single certificate
 * then send that one.
 */
- if (data_size == 0 && cred->ncerts == 1) {
- *indx = 0;
- return 0;
+ if (cred->ncerts == 1 &&
+ (data_size == 0 || session->internals.force_client_cert)) {
+ *indx = 0;
+ return 0;
 }
 
 do {
@@ -654,7 +656,7 @@ select_client_cert(gnutls_session_t session,
 if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
 result =
- find_x509_cert(cred, _data, _data_size,
+ find_x509_client_cert(session, cred, _data, _data_size,
 pk_algos, pk_algos_length, &indx);
 #ifdef ENABLE_OPENPGP
 else if (session->security_parameters.cert_type == |
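Review bot: The comment above the rewritten condition in the second hunk still says the single certificate is sent only when the peer sends no issuers, but with `session->internals.force_client_cert` set it is now returned even when the server's issuer list is non-empty, so the matching loop that follows is skipped. The client certificate is then disclosed to a server that did not name its issuer; that is presumably the purpose of the flag, but it should be stated where the decision is made, e.g. `/* With a single certificate, send it if the peer sent no issuers, or unconditionally (issuer list ignored) when the application set force_client_cert. */`. The flag has no effect when `cred->ncerts != 1`, because the code then falls through to the loop, and the comment or the flag's documentation should say so. The body of find_x509_client_cert continues outside the hunk, so whether the skipped loop also filters on `pk_algos` is not visible here.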