diff -Nru gnutls26-2.12.14/debian/changelog gnutls26-2.12.14/debian/changelog
--- gnutls26-2.12.14/debian/changelog 2012-06-08 15:30:29.000000000 +0200
+++ gnutls26-2.12.14/debian/changelog 2012-12-31 17:54:24.000000000 +0200
@@ -1,3 +1,9 @@
+gnutls26 (2.12.14-5ubuntu3.2) precise-proposed; urgency=low
+
+ * Apply upstream patch to fix validation of client certificates
+
+ -- Andrew Colin Kissa Mon, 31 Dec 2012 17:50:12 +0200
+
 gnutls26 (2.12.14-5ubuntu3.1) precise-proposed; urgency=low
 * Apply upstream patch to fix validation of certificates when more than
diff -Nru gnutls26-2.12.14/debian/patches/disable_signature_algorithms_that_are_not_supported_for_client_certificate_verification.patch gnutls26-2.12.14/debian/patches/disable_signature_algorithms_that_are_not_supported_for_client_certificate_verification.patch
--- gnutls26-2.12.14/debian/patches/disable_signature_algorithms_that_are_not_supported_for_client_certificate_verification.patch 1970-01-01 02:00:00.000000000 +0200
+++ gnutls26-2.12.14/debian/patches/disable_signature_algorithms_that_are_not_supported_for_client_certificate_verification.patch 2012-12-31 16:54:51.000000000 +0200
@@ -0,0 +1,27 @@
+Index: gnutls26-2.12.14/lib/ext_signature.c
+===================================================================
+--- gnutls26-2.12.14.orig/lib/ext_signature.c 2011-10-17 23:54:15.000000000 +0200
++++ gnutls26-2.12.14/lib/ext_signature.c 2012-12-31 16:54:44.480426145 +0200
+@@ -127,7 +127,7 @@
+ _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
+ const opaque * data, size_t data_size)
+ {
+- int sig, i;
++ int sig, i, hash;
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+@@ -150,8 +150,13 @@
+ _gnutls_debug_log ("EXT[SIGA]: rcvd signature algo (%d.%d) %s\n", aid.hash_algorithm,
+ aid.sign_algorithm, gnutls_sign_get_name(sig));
+
++
+ if (sig != GNUTLS_SIGN_UNKNOWN)
+ {
++ hash = _gnutls_sign_get_hash_algorithm(sig);
++ if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256)
++ continue;
++
+ priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
+ if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
+ break;
diff -Nru gnutls26-2.12.14/debian/patches/series gnutls26-2.12.14/debian/patches/series
--- gnutls26-2.12.14/debian/patches/series 2012-06-08 15:24:48.000000000 +0200
+++ gnutls26-2.12.14/debian/patches/series 2012-12-31 16:53:53.000000000 +0200
@@ -6,3 +6,4 @@
 25_nssldapsfix.diff
 CVE-2012-1573.patch
+disable_signature_algorithms_that_are_not_supported_for_client_certificate_verification.patch
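Review bot: The check added in the second hunk of the ext_signature.c patch silently skips every advertised algorithm whose hash is not SHA-1 or SHA-256, right after the `rcvd signature algo` debug line has logged it, and nothing in the code says why. A comment above the check, e.g. `/* hashes other than SHA-1/SHA-256 are not supported for client certificate verification */`, plus a log on the skip path such as `_gnutls_debug_log ("EXT[SIGA]: ignoring signature algo %s\n", gnutls_sign_get_name(sig));` would keep handshake traces honest. A peer that advertises only other hashes leaves the list without entries from this loop; how the selection code treats that case lies outside the hunk and should be confirmed, since a fallback to an algorithm the peer never offered would defeat the negotiation. The patch file also begins directly at `Index:` with no DEP-3 header (`Origin:`, `Bug:`), so the upstream commit it is said to carry cannot be traced from the package. The body of `_gnutls_sign_algorithm_parse_data` starts and ends outside both hunks.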