[PATCH] client-side TLS 1.2 support
Simon Josefsson
simon at josefsson.org
Mon Aug 31 15:04:10 CEST 2009
Daiki Ueno <ueno at unixuser.org> writes:
>>>>>> In <87d46cdvg3.fsf at mocca.josefsson.org>
>>>>>> Simon Josefsson <simon at josefsson.org> wrote:
>> > +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
>> > +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
>> > +#define TLS_SIGN_AID_RSA_MD5 {1, 2}
>
>> Where does these "magic" values come from? It was these values that I
>> would prefer to use symbolic names for.
>
> RFC5246 7.4.1.4.1. defines those values as:
>
> enum {
> none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
> sha512(6), (255)
> } HashAlgorithm;
>
> enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
> SignatureAlgorithm;
Thanks, I pushed your patches and added a comment explaining this.
> I first thought of redefining GNUTLS_SIGN_* with pairs of those values
> (like cipher suites definitions), but it will break the ABI...
Right, it is not worth it.
/Simon
More information about the Gnutls-devel
mailing list