[gnutls-devel] GnuTLS | gnutls_certificate_type_get*: ensure that the default type is returned (!806)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 15 00:19:43 CET 2018


Tom started a new discussion on lib/constate.c:

>  		dst->prf = src->prf; \
>  		dst->grp = src->grp; \
>  		dst->pversion = src->pversion; \
> +		dst->client_ctype = src->client_ctype; \
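
Review bot: the added `dst->client_ctype = src->client_ctype;` line in this macro body carries no comment explaining why the certificate type belongs in the same copy set as `prf`, `grp` and `pversion`. Please add a short comment stating under which condition this copy runs and what value the destination is expected to hold when no certificate type was negotiated. Only the client-side field is copied in the lines shown here; if a server-side certificate type field exists alongside it, either copy it in the same place or say in the commit message why it is handled differently.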

Can you explain to me how this is solving the problem? As I recall correctly, we decided to put the negotiated certificate types outside the if block to make sure that (under all TLS versions) newly negotiated values are ignored and the original (first) negotiated ones are used on resumed sessions.

Where is this certificate type get bug coming from? If you don't explicitly negotiate cert types then the defaults (X.509) apply. The certificate type get functions should always return these defaults. Can you give me an example when it goes wrong?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/806#note_117364720