gnutls_safe_renegotiation_set?

Simon Josefsson simon at josefsson.org
Mon May 3 15:58:23 CEST 2010


The new gnutls_safe_renegotiation_set API doesn't seem to influence
rehandshakes -- i.e., I cannot first handshake successfully with the
extension, call the API with flag=0, and then do a rehandshake that does
not use the extension.  Is this intentional?

See new self test tests/safe-renegotiation/srn2 to reproduce it.  I
expected that it would fail, but it doesn't.

More generally, why do we need this API at all?  Isn't the natural thing
to use the priority strings to disable the extension?  Same question
about gnutls_safe_negotiation_set_initial.

/Simon




