[PATCH] client-side TLS 1.2 support

Daiki Ueno ueno at unixuser.org
Mon Aug 31 14:33:07 CEST 2009


>>>>> In <87d46cdvg3.fsf at mocca.josefsson.org> 
>>>>>	Simon Josefsson <simon at josefsson.org> wrote:
> > +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
> > +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
> > +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
> > +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
> > +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
> > +#define TLS_SIGN_AID_RSA_MD5 {1, 2}

> Where does these "magic" values come from?  It was these values that I
> would prefer to use symbolic names for.

RFC5246 7.4.1.4.1. defines those values as:

      enum {
          none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
          sha512(6), (255)
      } HashAlgorithm;

      enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
        SignatureAlgorithm;

I first thought of redefining GNUTLS_SIGN_* with pairs of those values
(like cipher suites definitions), but it will break the ABI...

Regards,
-- 
Daiki Ueno





More information about the Gnutls-devel mailing list