[gnutls-devel] Successor of gnutls_certificate_type_set_priority()
Andreas Metzler
ametzler at bebt.de
Mon Apr 20 19:56:01 CEST 2015
Hello,
3.4.0 dropped gnutls_certificate_type_set_priority(), listing
gnutls_priority_set_direct() as replacement. However as far as I can
tell, priority strings do not have a keyword for certificate_type
(GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP).
The documentation somehow implies it is possible, but does not say
how:
| Unless the initial keyword is "NONE" the defaults (in preference
| order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; for compression
| NULL; for certificate types X.509. In key exchange algorithms when in
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| NORMAL or SECURE levels the perfect forward secrecy algorithms take
| precedence of the other protocols. In all cases all the supported key
| exchange algorithms are enabled.
I have started wondering when looking for a replacement for this code
in ekg2:
| /* Allow connections to servers that have OpenPGP keys as well. */
| const int cert_type_priority[3] = {GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0};
[...]
| gnutls_certificate_type_set_priority(ssl, cert_type_priority);
cu Andreas