]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Only check PK compatibility in client side but also when using openpgp certs.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 11 Mar 2014 21:00:56 +0000 (22:00 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 11 Mar 2014 21:00:58 +0000 (22:00 +0100)
lib/auth/cert.c

index f78b68473d6c54ddfd489a8b516011aa0df9d360..7ccba6e10864ecfdf2c1919bc71ae2871c0b126c 100644 (file)
@@ -986,6 +986,9 @@ int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey)
        unsigned req_cert_pk;
        unsigned kx;
 
+       if (session->security_parameters.entity != GNUTLS_CLIENT)
+               return 0;
+
        cert_pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
        if (cert_pk == GNUTLS_PK_UNKNOWN) {
                gnutls_assert();
@@ -1309,6 +1312,12 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session,
                                                 NULL);
        }
 
+       ret = check_pk_compat(session, peer_certificate_list[0].pubkey);
+       if (ret < 0) {
+               gnutls_assert();
+               goto cleanup;
+       }
+
        ret =
            copy_certificate_auth_info(info,
                                       peer_certificate_list, 1, subkey_id);