[gnutls-devel] Patch for GnuTLS 2.10.2 - The DCO
nmav at gnutls.org
Fri Aug 30 22:41:36 CEST 2013
On Fri, Aug 30, 2013 at 11:05 PM, Frank Morgner <
morgner at informatik.hu-berlin.de> wrote:
> > Thank you. I have updated the 2.10.x branch. While doing few changes to
> > adopt it for the master branch, I have a question on the implementation.
> > You add _gnutls_kx_needs_rsa_params(). Is that supposed to return true
> > the ciphersuite requires an RSA certificate, or that temporary RSA
> > parameters are needed? The code seems to imply the latter, but I'm not
> > that this is needed.
> Yes indeed, it should return 1 if the ciphersuite requires rsa paraters.
> Although I personally don't like the #define in question, because it is
> somewhat not intuitive, I still kept it for consistency. It is the same
> mechanism as used in _gnutls_kx_needs_dh_params and it has also been in
> the original patch from Bardenheuer.
I have applied the patch but simplified few things, and tried to update
rsa-psk.c the same direction rsa.c had been, so that it can be used with
HSMs. A rewrite to keep some common base will be needed, but I leave that
for a later time.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel