diff --git a/lib/modules/SSL.pmod/context.pike b/lib/modules/SSL.pmod/context.pike index a19cc48d7158639b59119b07ed9eac22d7ad4cd6..0c48d0c9a5aea3a4baf08b52d60ff6fb0241d8b4 100644 --- a/lib/modules/SSL.pmod/context.pike +++ b/lib/modules/SSL.pmod/context.pike @@ -669,23 +669,20 @@ private array(string(8bit)) string wantedtype; mapping(int:string) cert_types = ([ - 1 : "rsa", - 2 : "dss", - 3 : "rsa_fixed_dh", - 4 : "dss_fixed_dh" + Constant.AUTH_rsa_sign : "rsa", + Constant.AUTH_dss_sign : "dss", + Constant.AUTH_ecdsa_sign : "ecdsa", ]); foreach(acceptable_types, int t) { - // FIXME: The only valid Verifier types are "rsa", "dsa" and - // "ecdsa". We should probably use wantedtype below as well. wantedtype = cert_types[t]; foreach(c, mapping(string:mixed) cert) { Standards.X509.TBSCertificate crt = [object(Standards.X509.TBSCertificate)]cert->cert; - if(crt->public_key->type == "rsa") + if(crt->public_key->type == wantedtype) return context->client_certificates[[int]cert->chain]; } }