[gnutls-devel] GnuTLS | When negotiating TLS1.3 enforce certificate key usage (!902)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Feb 6 09:59:12 CET 2019
Tim Rühsen commented on a discussion on lib/auth/cert.c:
> * length = 3 bytes and
> * certificate = length bytes.
> */
> - ret = _gnutls_buffer_append_data_prefix(data, 24,
> - apr_cert_list[0].cert.data,
> - apr_cert_list[0].cert.size);
> +
> + if (apr_cert_list_length == 0) {
> + ret = _gnutls_buffer_append_prefix(data, 24, 0);
Scanned the source... 24 is the number of bits taken from argument 4 (size) to be put into 'data' using the correct byte-order (endianess). We possible could split `_gnutls_buffer_append_prefix` into `_gnutls_buffer_append_prefix8, _gnutls_buffer_append_prefix16, _gnutls_buffer_append_prefix24, _gnutls_buffer_append_prefix32` to have static inline functions without error checking.
That way the code would also be much more readable, IMO. But this is not part of this issue ;-)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/902#note_138658627
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190206/f4d560f9/attachment.html>
More information about the Gnutls-devel
mailing list