[gnutls-devel] GnuTLS | gnutls_certificate_type_get*: ensure that the default type is returned (!806)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Nov 15 12:54:49 CET 2018
Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c:
> dst->prf = src->prf; \
> dst->grp = src->grp; \
> dst->pversion = src->pversion; \
> + dst->client_ctype = src->client_ctype; \
> I understand. If I look at the packing code `session_pack.c` lines 913/914 I see that the cert types are only packed under TLS <1.3. Is this the desired behaviour or should we actually pack these params?
It is also my understanding is that this will be sufficient, though I had no easy way to test it is functional.
> Or should these values be renegotiated under TLS 1.3? Is that the reason why you moved the `dst->client_ctype = src->client_ctype;` to within the if-block?
Indeed now, I enabled re-negotiating them; keeping that behavior though it will mean that on a resumed version which is PSK, if one asks for the original certificate of the session (which is possible), he may see a different certificate type depending on the subsequent negotiation.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/806#note_117502907
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181115/f61811bf/attachment.html>
More information about the Gnutls-devel
mailing list