]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Do not check signature algorithms for certificate selection when using openpgp certif...
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 1 Nov 2009 15:52:22 +0000 (17:52 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 1 Nov 2009 15:52:22 +0000 (17:52 +0200)
lib/auth_cert.c

index a3756336e9aa57ce2fb4ca74949d8bf4f736f142..d6373163dc99e3021098383b0540888ecc5dc94c 100644 (file)
@@ -1921,8 +1921,12 @@ _gnutls_server_select_cert (gnutls_session_t session,
        {
          /* if cert type and signature algorithm matches 
           */
-         if (session->security_parameters.cert_type ==
-             cred->cert_list[i][0].cert_type && _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0)
+         if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type && 
+             (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP || /* FIXME: make this a check for
+                                                                         * certificate type capabilities
+                                                                         */
+              !_gnutls_version_has_selectable_sighash (gnutls_protocol_get_version (session)) || 
+              _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0))
            {
              idx = i;
              break;