From: Nikos Mavrogiannopoulos Date: Tue, 11 Mar 2014 21:00:56 +0000 (+0100) Subject: Only check PK compatibility in client side but also when using openpgp certs. X-Git-Tag: gnutls_3_3_0pre0~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4852d9b8ee67a24e0eb282559cfbbdc1ff7c1de1;p=thirdparty%2Fgnutls.git Only check PK compatibility in client side but also when using openpgp certs. --- diff --git a/lib/auth/cert.c b/lib/auth/cert.c index f78b68473d..7ccba6e108 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -986,6 +986,9 @@ int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey) unsigned req_cert_pk; unsigned kx; + if (session->security_parameters.entity != GNUTLS_CLIENT) + return 0; + cert_pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); if (cert_pk == GNUTLS_PK_UNKNOWN) { gnutls_assert(); @@ -1309,6 +1312,12 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session, NULL); } + ret = check_pk_compat(session, peer_certificate_list[0].pubkey); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + ret = copy_certificate_auth_info(info, peer_certificate_list, 1, subkey_id);