gnutls_buffer_st buf;
unsigned optional = 0;
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
if (session->security_parameters.entity == GNUTLS_SERVER) {
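Review bot: The new guard mixes `&&` with an unparenthesized `&`; precedence makes it evaluate as intended, but it should read `if (!session->internals.initial_negotiation_completed && (session->internals.hsk_flags & HSK_PSK_SELECTED))`. The same two-line test is repeated verbatim in the four following hunks (the send-certificate, certificate-request receive and send, and certificate-verify paths). Because this test decides whether certificate messages are skipped, a single `static inline` predicate shared by all five sites would keep them from drifting apart. A one-line comment such as `/* PSK handshakes carry no certificate messages; post-handshake auth still does */` would record why the skip is limited to the initial negotiation. The enclosing function begins and ends outside this hunk.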
gnutls_certificate_credentials_t cred;
if (again == 0) {
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
+
if (session->security_parameters.entity == GNUTLS_SERVER &&
session->internals.resumed)
return 0;
int ret;
gnutls_buffer_st buf;
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
if (unlikely(session->security_parameters.entity != GNUTLS_CLIENT))
if (again == 0) {
unsigned char rnd[12];
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
if (session->internals.send_cert_req == 0)
bool server = 0;
if (again == 0) {
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
+
if (session->security_parameters.entity == GNUTLS_SERVER &&
session->internals.resumed)
return 0;
*
* Prior to calling this function in server side, the function
* gnutls_certificate_server_set_request() must be called setting expectations
- * for the received certificate (request or require).
+ * for the received certificate (request or require). If none are set
+ * this function will return with %GNUTLS_E_INVALID_REQUEST.
+ *
+ * Note that post handshake authentication is available irrespective
+ * of the initial negotiation type (PSK or certificate). In all cases
+ * however, certificate credentials must be set to the session prior
+ * to calling this function.
*
* Returns: %GNUTLS_E_SUCCESS on a successful authentication, otherwise a negative error code.
**/
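Review bot: The added paragraph requires certificate credentials to be set before the call, but does not say what the caller gets back when they are missing. That is the likely case on a PSK-only session, which this change now lets reach the certificate paths. I would add a sentence naming the error returned in that case; the check itself is not visible in this diff, so the code should be confirmed against the function body, which lies outside the hunk. Separately, "If none are set" is ambiguous next to "request or require"; `If no expectation has been set` would read more clearly.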