[gnutls-devel] GnuTLS | Workaround for SChannel limitations (!1138)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Dec 27 23:08:31 CET 2019
Dmitry Eremin-Solenikov commented on a discussion on lib/ext/signature.c: https://gitlab.com/gnutls/gnutls/merge_requests/1138#note_265479544
> + else if (cert_algo == GNUTLS_PK_GOST_12_256)
> + dig = GNUTLS_DIG_STREEBOG_256;
> + else if (cert_algo == GNUTLS_PK_GOST_12_512)
> + dig = GNUTLS_DIG_STREEBOG_512;
> + else
> + dig = GNUTLS_DIG_SHA1;
> +
> + ret = gnutls_pk_to_sign(cert_algo, dig);
> +
> + if (!client_cert && _gnutls_session_sign_algo_enabled(session, ret) < 0)
> + goto fail;
> + return ret;
> + }
> +#endif
> +
> if (ret < 0 || !_gnutls_version_has_selectable_sighash(ver)) {
I've changed code to set `priv` to `NULL` if there was no extension present. Then the code can use `if (!priv)` condition.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1138#note_265479544
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191227/5f8c046f/attachment.html>
More information about the Gnutls-devel
mailing list