[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 20 13:52:43 CET 2018


Nikos Mavrogiannopoulos started a new discussion on lib/auth/cert.c:

> +	int ret;
> +	gnutls_pcert_st *apr_cert_list;
> +	gnutls_privkey_t apr_pkey;
> +	int apr_cert_list_length;
> +
> +	// Retrieve the appropriate certificate
> +	if((ret = _gnutls_get_selected_cert(session, &apr_cert_list,
> +				       &apr_cert_list_length, &apr_pkey)) < 0)	{
> +			return gnutls_assert_val(ret);
> +	}
> +
> +	/* Since we are transmitting a raw public key with no additional
> +	 * certificate credentials attached to it, it doesn't make sense to
> +	 * have more than one certificate set (i.e. to have a certificate chain).
> +	 */
> +	if (apr_cert_list_length == 1) {
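
Review bot: the comment above `if (apr_cert_list_length == 1)` only explains why more than one entry makes no sense, yet the condition also excludes an empty list (length 0); say so in the comment so the reader knows both cases take the path that is not the `== 1` branch. On style, `// Retrieve the appropriate certificate` is a line comment while the block directly below it uses `/* ... */`, and the `_gnutls_get_selected_cert` call folds the assignment into the condition with `if((ret` unspaced and the `return` indented one level too deep. Assigning `ret` on its own line and then testing `if (ret < 0)` would read more cleanly.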

nit: it would have been simpler to return the error immediately if the list does not equal one. Since you are testing for validity of the cert structure nevertheless, why don't you check that the certificate is of RAW type?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_118714459