size_t data_size)
{
int ret;
- gnutls_datum_t cert_types; // Holds the received cert types
- gnutls_datum_t sent_cert_types; // Holds the previously sent cert types
gnutls_certificate_type_t cert_type;
-
uint8_t i, found = 0;
const uint8_t* pdata = data;
return 0;
if (!IS_SERVER(session)) { // client mode
+ gnutls_datum_t sent_cert_types; // Holds the previously sent cert types
/* Compare packet length with expected packet length. For the
* client this is a single byte. */
* to check it nevertheless. */
cert_type = IANA2cert_type(pdata[0]);
+ _gnutls_handshake_log("EXT[%p]: Received a %s client certificate type confirmation from the server.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
+
// Check validity of cert type
if (cert_type == GNUTLS_CRT_UNKNOWN) {
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
return ret;
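Review bot: The new handshake log in the client branch formats `gnutls_certificate_type_get_name(cert_type)` with `%s` before the `GNUTLS_CRT_UNKNOWN` check that follows it, so a server-supplied byte that `IANA2cert_type()` does not recognise is logged first; if the name lookup yields NULL for the unknown value (inferred from the existing check, not visible here), passing it to `%s` is undefined behaviour in the logging call even where glibc happens to print "(null)". The server branch gets this right by placing its log after the `continue` on unknown types. Either move the log below the validity check, or log the raw IANA byte instead: `_gnutls_handshake_log("EXT[%p]: Received client certificate type confirmation %u from the server.\n", session, (unsigned)pdata[0]);`. The enclosing recv function starts and ends outside this hunk.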
} else { // server mode
+ gnutls_datum_t cert_types; // Holds the received cert types
+
// Compare packet length with expected packet length.
DECR_LEN(data_size, 1);
if (data[0] != data_size) {
if (cert_type == GNUTLS_CRT_UNKNOWN)
continue;
+ _gnutls_handshake_log("EXT[%p]: Checking compatibility of a %s client certificate type that was received from the client.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
+
// Check for support of this cert type
if (_gnutls_session_cert_type_supported
(session, cert_type, false, GNUTLS_CTYPE_CLIENT) == 0) {
gnutls_buffer_st* data)
{
int ret;
- uint8_t cert_type; // Holds an IANA cert type ID
- uint8_t i = 0, num_cert_types = 0;
- priority_st* cert_priorities;
- gnutls_datum_t tmp_cert_types; // For type conversion
- uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types. Inv: 0 <= cert type Id < 256
- const version_entry_st* vers = get_version(session);
+ uint8_t cert_type_IANA; // Holds an IANA cert type ID
+ gnutls_certificate_type_t cert_type;
/* Only activate this extension if we have cert credentials set
* and alternative cert types are allowed */
return 0;
if (!IS_SERVER(session)) { // Client mode
+ uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256
+ uint8_t i = 0, num_cert_types = 0;
+ priority_st* cert_priorities;
+ gnutls_datum_t tmp_cert_types; // For type conversion
+
// For brevity
cert_priorities =
&session->internals.priorities->client_ctype;
* prune our original list.
*/
for (i = 0; i < cert_priorities->num_priorities; i++) {
- if (_gnutls_session_cert_type_supported
- (session, cert_priorities->priorities[i],
- true, GNUTLS_CTYPE_CLIENT) == 0) {
+ cert_type = cert_priorities->priorities[i];
+
+ if (_gnutls_session_cert_type_supported(session, cert_type,
+ true, GNUTLS_CTYPE_CLIENT) == 0) {
/* Check whether we are allowed to store another cert type
* in our buffer. In other words, prevent a possible buffer
* overflow. This situation can occur when a user sets
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
- ret = cert_type2IANA(cert_priorities->priorities[i]);
+ ret = cert_type2IANA(cert_type);
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type = ret; // For readability
+ cert_type_IANA = ret; // For readability
// Add this cert type to our list with supported types
- cert_types[num_cert_types] = cert_type;
+ cert_types[num_cert_types] = cert_type_IANA;
num_cert_types++;
_gnutls_handshake_log
("EXT[%p]: Client certificate type %s (%d) was queued.\n",
session,
- gnutls_certificate_type_get_name(cert_priorities->priorities[i]),
- cert_type);
+ gnutls_certificate_type_get_name(cert_type),
+ cert_type_IANA);
}
}
}
}
} else { // Server mode
+ const version_entry_st* vers = get_version(session);
/* TLS 1.2:
* Check whether we are going to send a certificate request,
* otherwise omit the response. This is conform spec.
* when we cannot find a matching client certificate. This is conform
* spec (RFC7250, 4.2 case 2.).
*/
- ret = cert_type2IANA(get_certificate_type(
- session, GNUTLS_CTYPE_CLIENT));
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_CLIENT);
+ ret = cert_type2IANA(cert_type);
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type = ret; // For readability
+ cert_type_IANA = ret; // For readability
+
+ _gnutls_handshake_log("EXT[%p]: Confirming to use a %s client certificate type.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
- ret = gnutls_buffer_append_data(data, &cert_type, 1);
+ ret = gnutls_buffer_append_data(data, &cert_type_IANA, 1);
if (ret < 0)
return gnutls_assert_val(ret);