From: Nikos Mavrogiannopoulos Date: Sat, 10 Jan 2015 11:12:25 +0000 (+0100) Subject: When setting up TLS with cert-type OpenPGP from a client, X-Git-Tag: gnutls_3_4_0~373 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7abc0b7ccded0fa25ec8cfe0169addfb496d5fa;p=thirdparty%2Fgnutls.git When setting up TLS with cert-type OpenPGP from a client, the server verifies if it supports the extension’s contents in _gnutls_session_cert_type_supported(). This function checks for cred->get_cert_callback but not cred->get_cert_callback2. As a result, servers setup for OpenPGP certificate credential callback with gnutls_certificate_set_retrieve_function2() are unable to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein. --- diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 623e9cfd5e..849a36a065 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -189,7 +189,7 @@ _gnutls_session_cert_type_supported(gnutls_session_t session, if (cred == NULL) return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - if (cred->get_cert_callback == NULL) { + if (cred->get_cert_callback == NULL && cred->get_cert_callback2 == NULL) { for (i = 0; i < cred->ncerts; i++) { if (cred->certs[i].cert_list[0].type == cert_type) {
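Review bot: The changed condition in _gnutls_session_cert_type_supported() arrives without a regression test; the diff touches only lib/gnutls_state.c. A test that sets up server credentials with gnutls_certificate_set_retrieve_function2() and has a client negotiate the OpenPGP certificate type would pin the behaviour the commit message describes. It is also worth checking whether any other site still tests cred->get_cert_callback alone and needs the same get_cert_callback2 check.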