[gnutls-devel] GnuTLS | Add NO_STATUS_REQUEST priority string modifier (!1650)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Oct 13 02:06:27 CEST 2022



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1650 was reviewed by Daiki Ueno

--
Daiki Ueno commented on a discussion on lib/ext/status_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1650#note_1133827809

>  	int ret;
>  
> +	if (session->internals.priorities->no_status_request)
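
Review bot: the added `if (session->internals.priorities->no_status_request)` right after `int ret;` dereferences `session->internals.priorities` with no visible guard. If this function can be reached before a priority set is attached to the session, check the pointer first; otherwise a one-line comment stating that invariant would help.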

nit: I still think it would be nice to use `session->internals.flags` throughout the code, as `%NO_TICKETS` is [propagated](https://gitlab.com/gnutls/gnutls/-/blob/f5dcbdb46df52458e3756193c2a23bf558a3ecfd/lib/priority.c#L685) to `session->internals.flags` in `gnutls_priority_set`.

--
Daiki Ueno started a new discussion on doc/cha-gtls-app.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/1650#note_1133827811

>  
> + at item %NO_STATUS_REQUEST @tab
> +will prevent sending of the TLS status_request extension in client side.
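
Review bot: the description added for `%NO_STATUS_REQUEST` says "in client side", which should read "on the client side", and it names the extension without saying what it is for. Consider wording such as "will prevent the client from sending the TLS status_request (OCSP status request) extension" so readers know what they are disabling.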

There is an inconsistency between the doc and the code: while the doc says "in client side", `%NO_STATUS_REQUEST` actually causes the server to not send the empty `status_request` extension in Server Hello, as `session->internals.priorities->no_status_request` is checked at the beginning of `_gnutls_status_request_send_params`.

I think it would make sense to limit the effect of the option to client only, because on the server side it is only enabled through `gnutls_certificate_set_ocsp_status_request_function*`.

--
Daiki Ueno started a new discussion on lib/ext/status_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1650#note_1133827813

>  
> -	if (!(session->internals.hsk_flags & HSK_OCSP_REQUESTED))
> +	if (session->internals.priorities->no_status_request ||
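
Review bot: the replacement condition starting `if (session->internals.priorities->no_status_request ||` repeats the same `priorities->no_status_request` lookup that the other quoted hunk from lib/ext/status_request.c adds. Two open-coded copies of the test can drift apart; fold them into one helper or one early check, and add a comment on how the flag combines with the `HSK_OCSP_REQUESTED` test from the removed line.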

If we limit the effect of `%NO_STATUS_REQUEST` to client only, this check wouldn't be necessary.

