[gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue May 14 11:33:07 CEST 2019
Dmitry Eremin-Solenikov commented on a discussion on lib/tls-sig.c: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_169880482
> return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
>
> gnutls_sign_algorithm_set_client(session, sign_algo);
> + pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
@nmav No, we can not change this part of the spec, as it will break backwards compatibility with existing implementations.
My initial implementation did the byteswap directly at `lib/tls-sig.c`. That way I did not have to change `gnutls_x509_spki_st`, did not add another flag, etc. But the code was local to `tls-sig.c`. Maybe that sounds better.
Note, this byteswap has to be done only for TLS VerifyCert signature. I do not know who and why have made this crazy decision.
Regarding making LE change part of signature algorithm. I think this will require me to duplicate sig_alg entries, won't it?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_169880482
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190514/a8368c05/attachment.html>
More information about the Gnutls-devel
mailing list