[gnutls-devel] RFC 7250 and API change

Rick van Rein rick at openfortress.nl
Mon May 2 08:14:09 CEST 2016

Hello Nikos,

Tom and I are working on
which implements Kerberos tickets as you suggested, per RFC 7250.

What we run into is probably a break with the GnuTLS API, and we'd like
to hear
your opinion on this.

The call to gnutls_certificate_type_get() seems to make an implicit
that the same certificate type is used in both directions, but with RFC 7250
(which we are now adding) there is a possibility that these are different.
Applications of GnuTLS might not be aware of this having been added to
and may end up being confused.

We see various ways to deal with this, but none of them is pretty. 
Could you
tell us what your preferred approach would be?

Rick & Tom

More information about the Gnutls-devel mailing list