TLS 1.2 server
nmav at gnutls.org
Mon Nov 2 20:13:39 CET 2009
Simon Josefsson wrote:
> That's missing, right. Client-authentication with TLS 1.2 and
> certificate signing callbacks doesn't seem to be working right either,
> the sign callback receives a string of size 36 (SHA1+MD5) but it should
> be a PKCS#1 SHA1/SHA2 structure.
I think I fixed this part during the weekend, however I don't know if
the value received by the callback is what it is expected.
> Yeah, I know. :-(
> My plan was to create some helper functions to do the hashing, and set
> up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
> figure out which hash to actually use. This is wasteful, but that is
> the TLS 1.2 design.
I now use only SHA-1 and SHA-256 and wait for a fix in TLS 1.3 :)
(MD5 is no use for a signature anyway, and the rest... just allow SHA-256 :)
More information about the Gnutls-devel