[gnutls-devel] GnuTLS | DTLS client responds to CertificateRequest with Certificate of the wrong type (potential interop. problems) (#1245)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jun 1 12:12:18 CEST 2021




Paul commented:


Hi Daiki, I re-ran the test inputs on the master branch and the non-conformance is still there. Essentially, the certificate_types field in CertificateRequest seems to be ignored by the client. As an aside, I notice that the client aborts the handshake in case CertificateRequest does not contain SigHashAlgorithm used in its Certificate. I am unsure this is the behavior you want in this case (I think the client should send an empty Certificate, and let the server decide whether to proceed with the handshake). I attached a [capture](/uploads/9ffa7129123bdd18c2ba5d2933cbcc8d/capture_sighash.pcapng).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1245#note_589830314
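
The check discussed in the comment above, as an added example that is not part of the original message and is not GnuTLS code: it walks a (D)TLS 1.2 CertificateRequest body and offers the credential only when both `certificate_types` and `supported_signature_algorithms` allow it, otherwise signalling an empty Certificate. The names `cr_decide`, `vec16`, `struct client_cred` and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cr_decision { CR_MALFORMED = -1, CR_SEND_EMPTY = 0, CR_SEND_CERT = 1 };

/* Hypothetical summary of the client's credential (not a GnuTLS type). */
struct client_cred {
    uint8_t cert_type; /* ClientCertificateType: 1 = rsa_sign, 64 = ecdsa_sign */
    uint8_t hash, sig; /* SignatureAndHashAlgorithm that signed the certificate */
};

/* Constructed sample body: types {ecdsa_sign}, algorithms {sha256/ecdsa}, no CAs. */
const uint8_t SAMPLE_CR[] = { 0x01, 0x40, 0x00, 0x02, 0x04, 0x03, 0x00, 0x00 };
const struct client_cred RSA_CRED = { 1, 4, 1 };    /* rsa_sign, sha256/rsa */
const struct client_cred ECDSA_CRED = { 64, 4, 3 }; /* ecdsa_sign, sha256/ecdsa */

/* Read a 16-bit length prefix at *p and check the vector fits in the body. */
static int vec16(const uint8_t *b, size_t n, size_t *p, size_t *len)
{
    if (n - *p < 2) return -1;
    *len = ((size_t)b[*p] << 8) | b[*p + 1];
    *p += 2;
    return *len > n - *p ? -1 : 0;
}

/* Walk a CertificateRequest body (RFC 5246, 7.4.4) and decide whether
 * credential c may be offered; no match means an empty Certificate. */
enum cr_decision cr_decide(const uint8_t *b, size_t n, const struct client_cred *c)
{
    size_t p = 0, i, len;
    int type_ok = 0, alg_ok = 0;
    if (n < 1 || (len = b[p++]) == 0 || len > n - p) return CR_MALFORMED;
    for (i = 0; i < len; i++) type_ok |= (b[p + i] == c->cert_type);
    p += len;
    if (vec16(b, n, &p, &len) || (len & 1)) return CR_MALFORMED;
    for (i = 0; i < len; i += 2)
        alg_ok |= (b[p + i] == c->hash && b[p + i + 1] == c->sig);
    p += len;
    /* certificate_authorities must fill the rest; the names are not examined. */
    if (vec16(b, n, &p, &len) || len != n - p) return CR_MALFORMED;
    return (type_ok && alg_ok) ? CR_SEND_CERT : CR_SEND_EMPTY;
}

int main(void)
{
    printf("RSA: %d, ECDSA: %d\n", cr_decide(SAMPLE_CR, sizeof SAMPLE_CR, &RSA_CRED),
           cr_decide(SAMPLE_CR, sizeof SAMPLE_CR, &ECDSA_CRED));
    return 0;
}
```
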