diff options
Diffstat (limited to 'src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c')
-rw-r--r-- | src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 08d15ef00..b34b5085f 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -176,16 +176,20 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, * and supported by the other peer */ enumerator = signature_schemes_for_key(key_type, private->get_keysize(private)); - while (enumerator->enumerate(enumerator, &scheme)) + while (enumerator->enumerate(enumerator, &config)) { + if (config->scheme == SIGN_RSA_EMSA_PSS && + !lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns)) + { + continue; + } if (keymat->hash_algorithm_supported(keymat, - hasher_from_signature_scheme(scheme, - NULL))) + hasher_from_signature_scheme(config->scheme, + config->params))) { - INIT(config, - .scheme = scheme, - ) - array_insert(selected, ARRAY_TAIL, config); + array_insert(selected, ARRAY_TAIL, + signature_params_clone(config)); } } enumerator->destroy(enumerator); |