[gnutls-devel] Patch for GnuTLS 2.10.2 - The DCO

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Aug 30 22:41:36 CEST 2013

On Fri, Aug 30, 2013 at 11:05 PM, Frank Morgner <
morgner at informatik.hu-berlin.de> wrote:

> > Thank you. I have updated the 2.10.x branch. While doing few changes to
> > adopt it for the master branch, I have a question on the implementation.
> > You add _gnutls_kx_needs_rsa_params(). Is that supposed to return true
> when
> > the ciphersuite requires an RSA certificate, or that temporary RSA
> > parameters are needed? The code seems to imply the latter, but I'm not
> sure
> > that this is needed.
> Yes indeed, it should return 1 if the ciphersuite requires rsa paraters.
> Although I personally don't like the #define in question, because it is
> somewhat not intuitive, I still kept it for consistency. It is the same
> mechanism as used in _gnutls_kx_needs_dh_params and it has also been in
> the original patch from Bardenheuer.

I have applied the patch but simplified few things, and tried to update
rsa-psk.c the same direction rsa.c had been, so that it can be used with
HSMs. A rewrite to keep some common base will be needed, but I leave that
for a later time.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130830/4bc7a8ad/attachment.html>

More information about the Gnutls-devel mailing list