GNU TLS 2.9.9, sign/hash extension support
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Mar 8 18:45:24 CET 2010
Manish Patidar wrote:
> Hi,
>
> I was going through the GNU TLS 2.9.9 source code that supports TLS 1.2.
> I have the following doubts about the gnutls support of the TLS 1.2 RFC:
>
> 1. While selecting the server cert and chain, GNUTLS just compares the server
> certificate with the client-requested sign/hash extension, not the whole chain.
>
> If it matches one of the server certificates, it will select the chain,
> but according to TLS 1.2, the whole chain must match one of the
> sign/hash algos supported by the client.
>
> Is my understanding correct?
Which part of TLS 1.2 are you referring to?
regards,
Nikos