From: Nikos Mavrogiannopoulos Date: Sun, 1 Nov 2009 15:52:22 +0000 (+0200) Subject: Do not check signature algorithms for certificate selection when using openpgp certif... X-Git-Tag: gnutls_2_9_8~24 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3349e19bcf9f7289df22b450c283d7ca21278e16;p=thirdparty%2Fgnutls.git Do not check signature algorithms for certificate selection when using openpgp certificates. --- diff --git a/lib/auth_cert.c b/lib/auth_cert.c index a3756336e9..d6373163dc 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -1921,8 +1921,12 @@ _gnutls_server_select_cert (gnutls_session_t session, { /* if cert type and signature algorithm matches */ - if (session->security_parameters.cert_type == - cred->cert_list[i][0].cert_type && _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0) + if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type && + (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP || /* FIXME: make this a check for + * certificate type capabilities + */ + !_gnutls_version_has_selectable_sighash (gnutls_protocol_get_version (session)) || + _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0)) { idx = i; break;