[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Nov 21 09:18:59 CET 2018


Nikos Mavrogiannopoulos commented on a discussion on lib/auth/cert.c:

> +}
> +
> +
>  int
>  _gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data)
>  {
> -	switch (session->security_parameters.client_ctype) {
> -	case GNUTLS_CRT_X509:
> -		return gen_x509_crt(session, data);
> -	default:
> -		gnutls_assert();
> -		return GNUTLS_E_INTERNAL_ERROR;
> +	gnutls_certificate_type_t cert_type;
> +
> +	// Retrieve the (negotiated) certificate type for the client
> +	cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);
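
Review bot: the removed `default:` branch called `gnutls_assert()` and returned `GNUTLS_E_INTERNAL_ERROR` for any client certificate type other than `GNUTLS_CRT_X509`, and the quoted lines stop right after the `cert_type = gnutls_certificate_type_get2(...)` assignment, before the new dispatch is visible. Please confirm the code that follows still ends in a default path that asserts and returns an error, so that an unexpected or unnegotiated value in `cert_type` fails closed instead of falling through to a certificate generator. As a style point, the added `// Retrieve the (negotiated) certificate type for the client` line is a C++-style comment; use a `/* ... */` comment if that is what the rest of lib/auth/cert.c uses.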

While the overhead of a function is not significant, a server doing millions of x509 sessions will have to call this function several million times instead of accessing a variable available to it. On similar occasions we used static inline functions (see for example `get_version()`).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_118959632