Diffstat (limited to 'lib')
-rw-r--r-- | lib/priority.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/lib/priority.c b/lib/priority.c
index e297f3fd2b..a142994725 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1260,16 +1260,29 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
 			  priority_cache->cs.size, priority_cache->sigalg.size, priority_cache->groups.size);
-	if (priority_cache->cs.size == 0) {
-		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
-	}
-
 	if (priority_cache->sigalg.size == 0) {
-		if ((tlsmax && tlsmax->id >= GNUTLS_TLS1_2) || (dtlsmax && dtlsmax->id >= GNUTLS_DTLS1_2)) {
-			return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+		/* no signature algorithms; eliminate TLS 1.2 or DTLS 1.2 and later */
+		priority_st newp;
+		newp.algorithms = 0;
+
+		/* we need to eliminate TLS 1.2 or DTLS 1.2 and later protocols */
+		for (i = 0; i < priority_cache->protocol.algorithms; i++) {
+			if (priority_cache->protocol.priority[i] < GNUTLS_TLS1_2) {
+				newp.priority[newp.algorithms++] = priority_cache->protocol.priority[i];
+			} else if (priority_cache->protocol.priority[i] >= GNUTLS_DTLS_VERSION_MIN &&
+				   priority_cache->protocol.priority[i] < GNUTLS_DTLS1_2) {
+				newp.priority[newp.algorithms++] = priority_cache->protocol.priority[i];
+			}
 		}
+		memcpy(&priority_cache->protocol, &newp, sizeof(newp));
+
+		if (priority_cache->protocol.algorithms == 0)
+			return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
 	}
+	if (priority_cache->cs.size == 0)
+		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
 	/* when TLS 1.3 is available we must have groups set */
 	if (tlsmax && tlsmax->id >= GNUTLS_TLS1_3 && priority_cache->groups.size == 0)
 		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
|
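Review bot: `memcpy(&priority_cache->protocol, &newp, sizeof(newp))` copies the whole of `newp` although only `newp.algorithms` and the first `newp.algorithms` slots of `newp.priority` were ever written, so the unused slots — and any member `priority_st` has beyond those two, which the hunk does not show — reach the long-lived priority cache as uninitialised stack bytes. Because the write index can never pass the read index, the same filter can compact `priority_cache->protocol.priority` in place and then set `algorithms`, removing the temporary and the `memcpy` altogether (sketch below; the enclosing `set_ciphersuite_list` starts and ends outside the hunk). Note too that `tlsmax`/`dtlsmax`, evidently derived from the protocol list before this point (the removed test compared `tlsmax->id` with `GNUTLS_TLS1_2`), are not refreshed after the prune, so the `tlsmax->id >= GNUTLS_TLS1_3` groups check a few lines down still sees the pre-prune maximum and may reject a configuration whose TLS 1.3 entry was just dropped — either recompute them here or leave a comment stating why that is acceptable. Lastly, a priority string with no signature algorithms used to fail with `GNUTLS_E_NO_PRIORITIES_WERE_SET` and now silently negotiates only TLS 1.0/1.1 or DTLS 1.0; since that is a downgrade chosen on the user's behalf, it deserves a debug-log line such as `_gnutls_debug_log("no signature algorithms set; disabling TLS 1.2 and later\n");` next to the logging call whose argument tail opens the hunk, assuming that is what it is.
```c
	if (priority_cache->sigalg.size == 0) {
		/* no signature algorithms: keep only protocols below TLS 1.2 / DTLS 1.2,
		 * compacting in place (kept <= i always holds, so no temporary is needed) */
		unsigned int kept = 0;

		for (i = 0; i < priority_cache->protocol.algorithms; i++) {
			unsigned int v = priority_cache->protocol.priority[i];

			if (v < GNUTLS_TLS1_2 ||
			    (v >= GNUTLS_DTLS_VERSION_MIN && v < GNUTLS_DTLS1_2))
				priority_cache->protocol.priority[kept++] = v;
		}
		priority_cache->protocol.algorithms = kept;

		if (kept == 0)
			return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
	}
	/* … unchanged: cs.size check and TLS 1.3 groups check … */
```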