[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 23 17:08:04 CET 2018


Tom commented on a discussion on lib/auth/cert.c:

> +	 * <length++certificate> where
> +	 * length = 3 bytes and
> +	 * certificate = length bytes.
> +	 */
> +		ret = _gnutls_buffer_append_data_prefix(data, 24,
> +									apr_cert_list[0].cert.data,
> +									apr_cert_list[0].cert.size);
> +
> +		if (ret < 0) return gnutls_assert_val(ret);
> +
> +		return data->length;
> +	} else {
> +	/* We found more than one certificate. In that case we don't know
> +	 * which one to send, therefore we send nothing.
> +	 */
> +		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); // TODO maybe introduce new error type GNUTLS_E_RAWPK_TOO_MANY_KEYS_GIVEN?

It actually is an impossible situation. By using the rawpk API the cert list length of a raw public-key is always set to 1. I guess I was too cautious here with this extra check.

Shall I insert an `assert` statement to reflect the invariant that `apr_cert_list_length == 1` should always hold? Or shall I just remove the if/else statement?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_119678988
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181123/7898bc67/attachment-0001.html>


More information about the Gnutls-devel mailing list