[gnutls-devel] GnuTLS | OCSP response manipulation & signing support (#859)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 5 16:46:35 CET 2019

Nikos Mavrogiannopoulos commented:

The API seems reasonable. Some quick comments on it:
 - `int gnutls_ocsp_resp_set_responder_raw_id(gnutls_ocsp_resp_t resp, unsigned type, gnutls_datum_t raw);`
The third option it is more consistent with the rest of the API to be a pointer to datum_t.

 - `gnutls_ocsp_resp_sign`
This sign function cannot handle RSA-PSS or changing signature algorithm (RSA-SHA256 vs RSA-SHA512). An update may be to be similar to `gnutls_privkey_sign_hash2` and have as input the specific signature algorithm `gnutls_sign_algorithm_t` and flags.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/859#note_240340083
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191105/3b97cc21/attachment.html>

More information about the Gnutls-devel mailing list