Diffstat (limited to 'crypto/src/tls/AbstractTlsClient.cs')
-rw-r--r--crypto/src/tls/AbstractTlsClient.cs41
1 files changed, 20 insertions, 21 deletions
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs
index 77f30bb40..5645e1c13 100644
--- a/crypto/src/tls/AbstractTlsClient.cs
+++ b/crypto/src/tls/AbstractTlsClient.cs
@@ -357,31 +357,30 @@ namespace Org.BouncyCastle.Tls
                 }
             }
 
-            /*
-             * RFC 7250 4.1:
-             *
-             * If the client has no remaining certificate types to send in
-             * the client hello, other than the default X.509 type, it MUST omit the
-             * client_certificate_type extension in the client hello.
-             */
-            short[] clientCertTypes = GetAllowedClientCertificateTypes();
-            if (clientCertTypes != null && (clientCertTypes.Length > 1 || clientCertTypes[0] != CertificateType.X509))
             {
-                TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, clientCertTypes);
+                /*
+                 * RFC 7250 4.1. If the client has no remaining certificate types to send in the client hello, other
+                 * than the default X.509 type, it MUST omit the client_certificate_type extension [..].
+                 */
+                short[] clientCertTypes = GetAllowedClientCertificateTypes();
+                if (clientCertTypes != null &&
+                    TlsUtilities.ContainsNot(clientCertTypes, 0, clientCertTypes.Length, CertificateType.X509))
+                {
+                    TlsExtensionsUtilities.AddClientCertificateTypeExtensionClient(clientExtensions, clientCertTypes);
+                }
             }
 
-            /*
-             * RFC 7250 4.1:
-             *
-             * If the client has no remaining certificate types to send in
-             * the client hello, other than the default X.509 certificate type, it
-             * MUST omit the entire server_certificate_type extension from the
-             * client hello.
-             */
-            short[] serverCertTypes = GetAllowedServerCertificateTypes();
-            if (serverCertTypes != null && (serverCertTypes.Length > 1 || serverCertTypes[0] != CertificateType.X509))
             {
-                TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, serverCertTypes);
+                /*
+                 * RFC 7250 4.1. If the client has no remaining certificate types to send in the client hello, other than
+                 * the default X.509 certificate type, it MUST omit the entire server_certificate_type extension [..].
+                 */
+                short[] serverCertTypes = GetAllowedServerCertificateTypes();
+                if (serverCertTypes != null &&
+                    TlsUtilities.ContainsNot(serverCertTypes, 0, serverCertTypes.Length, CertificateType.X509))
+                {
+                    TlsExtensionsUtilities.AddServerCertificateTypeExtensionClient(clientExtensions, serverCertTypes);
+                }
             }
 
             if (offeringDtlsV12)
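Review bot: The new guard `TlsUtilities.ContainsNot(clientCertTypes, 0, clientCertTypes.Length, CertificateType.X509)` quietly changes what happens for an empty array, and the rewritten comment does not say so; the same applies to the `serverCertTypes` block. The removed `clientCertTypes[0]` test would have indexed into an empty array, whereas the new code (assuming ContainsNot returns true only when some element differs from the given value) omits the extension as it does for null. I would add a line to each comment such as `* An empty or X.509-only list means there is nothing to offer, so the extension is omitted.` The array is forwarded unchanged to `AddClientCertificateTypeExtensionClient` / `AddServerCertificateTypeExtensionClient`, so duplicates or types the client cannot process are advertised as given unless those helpers validate them, which this hunk does not show. The enclosing method starts and ends outside the hunk.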