ext/signature: accept compatible algorithms with PK

That is instead of using a 1-1 mapping of signature algorithms
to public key algorithms, use gnutls_sign_supports_pk_algorithm()
to determine whether algorithms match. That way we can allow
GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS
keys.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index e5f1874fd08a5bf21b47495d865ae3c2ee064103..e546dccb675bce4ba8809eb11ecbd9570a4210bb 100644 (file)
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -299,8 +299,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
        }
 
        for (i = 0; i < priv->sign_algorithms_size; i++) {
-               if (gnutls_sign_get_pk_algorithm(priv->sign_algorithms[i])
-                   == cert_algo) {
+               if (gnutls_sign_supports_pk_algorithm(priv->sign_algorithms[i], cert_algo) != 0) {
                        if (_gnutls_pubkey_compatible_with_sig
                            (session, cert->pubkey, ver,
                             priv->sign_algorithms[i]) < 0)