GNU TLS 2.9.9, sign/hash extension support

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Mar 8 18:45:24 CET 2010


Manish Patidar wrote:
> Hi,
> 
> I was going through the GNU TLS 2.9.9 source code that supports TLS 1.2.
> I have the following doubts about the gnutls support of the TLS 1.2 RFC.
> 
> 1. While selecting the server cert and chain, GNUTLS just compares the server
> certificate with the client-requested sign/hash extension, not the whole chain.
> 
>     If it matches one of the server certificates, it will select the chain,
>     but according to TLS 1.2, the whole chain must match one of the
> sign/hash algos supported by the client.
> 
>     Is my understanding correct?

Which part of TLS 1.2 are you referring to?

regards,
Nikos
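
The two selection checks contrasted in the question, as an added example that is not GnuTLS code and not part of the original thread: it parses a TLS 1.2 signature_algorithms extension body and tests a chain leaf-only and certificate-by-certificate. All function names and sample bytes are hypothetical, and each certificate is reduced to the (hash, signature) pair it was signed with.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One (hash, signature) pair as carried in the signature_algorithms extension. */
typedef struct { uint8_t hash, sig; } sig_hash_t;

/* Return 1 if `alg` is in the extension body `ext`: a 2-byte big-endian list
 * length followed by 2-byte (hash, sig) pairs. Malformed bodies match nothing. */
static int client_offers(const uint8_t *ext, size_t ext_len, sig_hash_t alg)
{
    if (ext_len < 4) return 0;
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != ext_len - 2 || list_len % 2 != 0) return 0;
    for (size_t i = 2; i + 1 < ext_len; i += 2)
        if (ext[i] == alg.hash && ext[i + 1] == alg.sig) return 1;
    return 0;
}

/* Leaf-only check: only chain[0], the server certificate, is compared. */
int chain_ok_leaf_only(const uint8_t *ext, size_t ext_len,
                       const sig_hash_t *chain, size_t n)
{
    return n > 0 && client_offers(ext, ext_len, chain[0]);
}

/* Whole-chain check: every certificate in the chain must match. */
int chain_ok_whole(const uint8_t *ext, size_t ext_len,
                   const sig_hash_t *chain, size_t n)
{
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!client_offers(ext, ext_len, chain[i])) return 0;
    return 1;
}

/* Constructed sample: client offers sha256/rsa (4,1) and sha1/rsa (2,1). */
const uint8_t sample_ext[] = { 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 };
/* Constructed chain: leaf signed sha256/rsa, intermediate signed md5/rsa (1,1). */
const sig_hash_t sample_chain[] = { { 4, 1 }, { 1, 1 } };

int main(void)
{
    printf("leaf-only: %d, whole chain: %d\n",
           chain_ok_leaf_only(sample_ext, sizeof sample_ext, sample_chain, 2),
           chain_ok_whole(sample_ext, sizeof sample_ext, sample_chain, 2));
    return 0;
}
```

On the constructed sample the leaf-only check accepts the chain while the whole-chain check rejects it, which is the gap the question asks about.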