Diffstat (limited to 'src/tls/tls_policy.cpp')
-rw-r--r-- | src/tls/tls_policy.cpp | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 77b103aa2..02263ffa2 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -213,9 +213,8 @@ std::string Policy::choose_curve(const std::vector<std::string>& curve_names) co
 * Choose which ciphersuite to use
 */
 u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites,
+ const std::vector<std::string>& available_cert_types,
 bool have_shared_ecc_curve,
- bool have_rsa,
- bool have_dsa,
 bool have_srp) const
 {
 for(size_t i = 0; i != client_suites.size(); ++i)
@@ -226,25 +225,20 @@ u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites,
 if(suite.cipher_keylen() == 0)
 continue; // not a ciphersuite we know
- if(suite.kex_algo() == "ECDH" && !have_shared_ecc_curve)
- continue;
-
- if(suite.sig_algo() == "RSA" && have_rsa)
- return suite_id;
-
- if(suite.sig_algo() == "DSA" && have_dsa)
- return suite_id;
+ if(!have_shared_ecc_curve)
+ {
+ if(suite.kex_algo() == "ECDH" || suite.sig_algo() == "ECDSA")
+ continue;
+ }
 if(suite.kex_algo() == "SRP" && have_srp)
 return suite_id;
-#if 0
- if(suite.sig_algo() == "") // anonymous server
+ if(value_exists(available_cert_types, suite.sig_algo()))
 return suite_id;
-#endif
 }
- return 0;
+ return 0; // no shared cipersuite
 }
 /* |
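Review bot: The new `available_cert_types` parameter has no stated contract, although the second hunk compares its entries verbatim against `suite.sig_algo()`. A caller that passes a differently spelled or cased name would silently get no certificate-authenticated suite and fall through to `return 0`. The header comment above `choose_suite` could carry the contract, e.g. `* available_cert_types: signature algorithm names exactly as returned by sig_algo() ("RSA", "DSA", "ECDSA")`. The function body continues outside this hunk.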
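Review bot: The SRP branch returns `suite_id` before the new `value_exists(available_cert_types, suite.sig_algo())` test, so an SRP suite that also names a signature algorithm would be selected whenever `have_srp` is true, even with no certificate of that type available. Whether this can happen depends on the suite table, which is not visible here; if it can, the branch could read `if(suite.kex_algo() == "SRP" && have_srp && (suite.sig_algo() == "" || value_exists(available_cert_types, suite.sig_algo())))`. Dropping the `#if 0` block also leaves the exclusion of anonymous suites implicit: they are rejected only while no caller lists `""` in `available_cert_types`, presumably because `value_exists` is a plain membership test. A comment such as `// anonymous suites (empty sig_algo) are never selected here` or an explicit skip would keep that decision visible. The new trailing comment misspells "ciphersuite" as "cipersuite", and the lines between the two hunks that set `suite` and `suite_id` are not shown.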