Support for trusted_ca_keys extension during TLS handshake

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Oct 31 11:39:26 CET 2012


On Tue, Oct 30, 2012 at 4:45 PM, David Fuhrmann
<david.fuhrmann at googlemail.com> wrote:
> Hello,
>
> Currently, I am searching for a TLS library that already supports the
> trusted_ca_keys extension inside the extended client hello message as
> described here: http://tools.ietf.org/html/rfc6066#page-12

GnuTLS doesn't support this extension. You can check the capabilities
of various implementations at:
http://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations

The particular extension that you're looking for isn't listed, meaning
it may not be implemented by anyone.

> As it is quite difficult to find any information about an implementation for
> that over Google search, I want to ask you if this extension is already (or
> will soon be) supported by GnuTLS? If not, does anybody know another
> implementation / library which already supports this extension?

It is not in our plans to implement it, since it doesn't look particularly
useful/interesting. If you submit a patch, however, it may be included.
What is your use case for this extension?

regards,
Nikos



