[gnutls-devel] Bugfixes for certificate lists
nmav at gnutls.org
Thu Jul 28 10:58:56 CEST 2016
On Wed, Jul 27, 2016 at 11:56 PM, Tim Kosse
<tim.kosse at filezilla-project.org> wrote:
> could I please get some feedback on these patches?
They look good, thank you.
I didn't like that change though:
> - * a X.509 then a certificate list may be present. The first
> - * certificate in the list is the peer's certificate, following the
> - * issuer's certificate, then the issuer's issuer etc.
> + * a X.509 then a certificate list may be present. This list is not
> + * sorted.
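Review bot: the added sentence "This list is not sorted." removes the only statement callers had about position (that the first certificate in the list is the peer's certificate) without saying what, if anything, is still guaranteed. Suggest wording such as "may not be sorted" and stating explicitly whether the first entry is still the peer's certificate, so that callers indexing the list know whether they must order it themselves.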
I think it is more accurate to say that the list is provided as sent
by the server, and servers are expected to provide a sorted list. I've
added some text on these lines at the following merge request. Let me
know if that's ok.
I wonder whether we need to add a certificate_get_peers function which
is guaranteed to return a sorted list (or modify that one to do so).