[gnutls-devel] GnuTLS | WIP: RFC7250 certificate type negotiation (!498)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Aug 15 15:00:27 CEST 2018
Tom commented on a discussion on lib/ext/server_cert_type.c:
> + _gnutls_session_server_cert_type_set(session, cert_type);
> + ret = GNUTLS_E_SUCCESS;
> + } else {
> + // No valid cert type found
> + ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
> + }
> +
> + // Clean-up
> + _gnutls_free_datum(&cert_types);
> +
> + return ret;
> +
> + } else // server mode
> + {
> + // Compare packet length with expected packet length.
> + DECR_LEN(len, 1);
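Review bot: The `else` in `} else // server mode` is redundant, since the client-mode branch above it already ends in `return ret;`, and its brace style (`{` on the following line) differs from the `} else {` used a few lines earlier in the same hunk. Consider closing the client block and letting the server-mode code follow one indentation level shallower, or at least writing `} else { /* server mode */` to match. The blank `+` line after `return ret;` can be dropped. The comment above `DECR_LEN(len, 1);` says the length is compared, while the macro name indicates it is decremented by one; a comment naming the byte being consumed would be clearer.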
I think it would be possible because there are no other extensions that depend on the certificate type I think. But how would you enforce that this extension will be parsed after the PSK extension? By putting it lower in the `hello_ext_entry_st`? That is already the case in my implementation.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/498#note_94677997