[PATCH] client-side TLS 1.2 support
Daiki Ueno
ueno at unixuser.org
Mon Aug 31 14:33:07 CEST 2009
>>>>> In <87d46cdvg3.fsf at mocca.josefsson.org>
>>>>> Simon Josefsson <simon at josefsson.org> wrote:
> > +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
> > +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
> > +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
> > +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
> > +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
> > +#define TLS_SIGN_AID_RSA_MD5 {1, 2}
> Where does these "magic" values come from? It was these values that I
> would prefer to use symbolic names for.
RFC5246 7.4.1.4.1. defines those values as:
enum {
none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
sha512(6), (255)
} HashAlgorithm;
enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
SignatureAlgorithm;
I first thought of redefining GNUTLS_SIGN_* with pairs of those values
(like cipher suites definitions), but it will break the ABI...
Regards,
--
Daiki Ueno
More information about the Gnutls-devel
mailing list