[gnutls-devel] GnuTLS | Enhance the configuration file capabilities (!1013)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jun 14 10:18:58 CEST 2019




Dmitry Eremin-Solenikov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181323349

>  	if (p != NULL)
>  		system_priority_file = p;
>  
> +	p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID");

Hmm, on a second thought, default-permissive mode makes sense, as disabling-only config file benefits from just warning on unsupported values. E.g. admin might like to install config files disabling md5, sha1 and e.g. sm3 and not to worry about GnuTLS version and if it supports this algorithm really or not. So I'd withdraw my original comment.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1013#note_181323349
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190614/27edcb75/attachment.html>


More information about the Gnutls-devel mailing list