TLS 1.2 server

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Nov 2 20:13:39 CET 2009


Simon Josefsson wrote:

> That's missing, right.  Client-authentication with TLS 1.2 and
> certificate signing callbacks doesn't seem to be working right either,
> the sign callback receives a string of size 36 (SHA1+MD5) but it should
> be a PKCS#1 SHA1/SHA2 structure.

Hi,
 I think I fixed this part during the weekend, however I don't know if
the value received by the callback is what it is expected.

> Yeah, I know. :-(
> 
> My plan was to create some helper functions to do the hashing, and set
> up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
> figure out which hash to actually use.  This is wasteful, but that is
> the TLS 1.2 design.

I now use only SHA-1 and SHA-256 and wait for a fix in TLS 1.3 :)
(MD5 is no use for a signature anyway, and the rest... just allow SHA-256 :)

regards,
Nikos





More information about the Gnutls-devel mailing list