* @session: is a #gnutls_session_t structure.
*
* Returns the signature algorithm that is (or will be) used in this
- * session to sign data.
+ * session by the server to sign data.
*
* Returns: The sign algorithm or %GNUTLS_SIGN_UNKNOWN.
*
int
gnutls_sign_algorithm_get (gnutls_session_t session)
{
- return session->security_parameters.sign_algo;
+ return session->security_parameters.server_sign_algo;
+}
+
+/**
+ * gnutls_sign_algorithm_get_client:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the signature algorithm that is (or will be) used in this
+ * session by the client to sign data.
+ *
+ * Returns: The sign algorithm or %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Since: 3.1.11
+ **/
+int
+gnutls_sign_algorithm_get_client (gnutls_session_t session)
+{
+ return session->security_parameters.client_sign_algo;
}
gnutls_sign_algorithm_t sig);
static inline void
-gnutls_sign_algorithm_set (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+gnutls_sign_algorithm_set_server (gnutls_session_t session, gnutls_sign_algorithm_t sign)
{
- session->security_parameters.sign_algo = sign;
+ session->security_parameters.server_sign_algo = sign;
+}
+
+static inline void
+gnutls_sign_algorithm_set_client (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+{
+ session->security_parameters.client_sign_algo = sign;
}
#endif
gnutls_protocol_t version; /* moved here */
/* Holds the signature algorithm used in this session - If any */
- gnutls_sign_algorithm_t sign_algo;
+ gnutls_sign_algorithm_t server_sign_algo;
+ gnutls_sign_algorithm_t client_sign_algo;
/* FIXME: The following are not saved in the session storage
* for session resumption.
BUFFER_APPEND (ps, &session->security_parameters.new_record_padding, 1);
BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.server_sign_algo);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.client_sign_algo);
+
_gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return 0;
BUFFER_POP_NUM (ps,
session->internals.resumed_security_parameters.ecc_curve);
+ BUFFER_POP_NUM (ps,
+ session->internals.resumed_security_parameters.server_sign_algo);
+ BUFFER_POP_NUM (ps,
+ session->internals.resumed_security_parameters.client_sign_algo);
if (session->internals.resumed_security_parameters.max_record_recv_size == 0 ||
session->internals.resumed_security_parameters.max_record_send_size == 0)
gnutls_assert ();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
-
- gnutls_sign_algorithm_set(session, *sign_algo);
+
+ gnutls_sign_algorithm_set_server(session, *sign_algo);
hash_algo = gnutls_sign_get_hash_algorithm (*sign_algo);
return GNUTLS_E_INTERNAL_ERROR;
}
+ gnutls_sign_algorithm_set_server(session, sign_algo);
+
ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
&vdata, signature);
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
if (ret < 0)
return gnutls_assert_val(ret);
+
+ gnutls_sign_algorithm_set_client(session, sign_algo);
hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
}
return ret;
-
}
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
- gnutls_sign_algorithm_set(session, sign_algo);
+ gnutls_sign_algorithm_set_client(session, sign_algo);
hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
gnutls_certificate_type_get (gnutls_session_t session);
int gnutls_sign_algorithm_get (gnutls_session_t session);
+ int gnutls_sign_algorithm_get_client (gnutls_session_t session);
int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
size_t indx,
gnutls_privkey_status;
gnutls_cipher_get_iv_size;
gnutls_hmac_set_nonce;
+ gnutls_sign_algorithm_get_client;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {