[gnutls-devel] GnuTLS | RFC7250 certificate type negotiation (!498)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Aug 20 13:43:11 CEST 2018


Tom commented on a discussion on lib/ext/server_cert_type.c:

>  	ssize_t len = data_size;
>  	const uint8_t* pdata = data;
>  
> -	/* Only activate this extension if cert type negotiation is enabled
> -	 * and we have cert credentials set */
> +	/* Only activate this extension if cert type negotiation is enabled,
> +	 * we are not resuming a session and we have cert credentials set */
>  	if (!_gnutls_has_negotiate_ctypes(session) ||
> +			gnutls_session_is_resumed(session) ||
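
Review bot: the new `gnutls_session_is_resumed(session) ||` term in the `if` condition and the reworded comment above it ("we are not resuming a session") need to stay in sync. If the check is removed as redundant, restore the original two-line comment in the same change, otherwise the comment describes a condition the code no longer tests. If the check is kept, the comment should state why a resumed session must skip this extension rather than only that it does.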

I agree. I was about to conclude the same thing after reading the code for TLS 1.2. But then you pointed me to the `gnutls_session_is_resumed` function and made me doubt whether I've missed a specific case, so I added this check to be sure. Since we both conclude that it is redundant I will remove it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/498#note_95499076