before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled

parent 7d9d5c61
......@@ -282,7 +282,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
|| priv->sign_algorithms_size == 0)
/* none set, allow SHA-1 only */
{
return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
ret = gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
if (_gnutls_session_sign_algo_enabled(session, ret) < 0)
goto fail;
return ret;
}
for (i = 0; i < priv->sign_algorithms_size; i++) {
......@@ -301,6 +304,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session,
}
}
fail:
return GNUTLS_SIGN_UNKNOWN;
}
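Review bot: The comment `/* none set, allow SHA-1 only */` above the changed fallback no longer describes the code, because SHA-1 is now returned only when the session's priorities enable it. Something like `/* none set: fall back to SHA-1, but only if the session's priorities enable it */` would keep the policy decision visible to the next reader. Separately, if gnutls_pk_to_sign() can return GNUTLS_SIGN_UNKNOWN for a cert_algo that has no SHA-1 pairing, that value is now passed to _gnutls_session_sign_algo_enabled(), and the outcome is correct only if that helper rejects it, which cannot be confirmed from these hunks. The function's opening and the declaration of `ret` are outside the hunk, so it is also worth checking that `ret` has the signature-algorithm type rather than a plain int reused for error codes.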
......