From: Nikos Mavrogiannopoulos Date: Tue, 17 Jan 2012 19:30:24 +0000 (+0100) Subject: If peer doesn't send any issuers and we have a single certificate then send that... X-Git-Tag: gnutls_3_0_13~259 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=101eadd5626a34d32f79bbdb5f45b7cb86bb7671;p=thirdparty%2Fgnutls.git If peer doesn't send any issuers and we have a single certificate then send that one. --- diff --git a/lib/auth/cert.c b/lib/auth/cert.c index b57c1dd908..db4b9af251 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -233,9 +233,17 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred, *indx = -1; - do + /* If peer doesn't send any issuers and we have a single certificate + * then send that one. + */ + if (data_size == 0 && cred->ncerts == 1) { + *indx = 0; + return 0; + } + do + { DECR_LENGTH_RET (data_size, 2, 0); size = _gnutls_read_uint16 (data); DECR_LENGTH_RET (data_size, size, 0); @@ -281,7 +289,6 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred, /* move to next record */ data += size; - } while (1); @@ -752,9 +759,8 @@ _select_client_cert (gnutls_session_t session, result = _find_x509_cert (cred, _data, _data_size, pk_algos, pk_algos_length, &indx); - #ifdef ENABLE_OPENPGP - if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) + else if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); #endif