[gnutls-devel] Bugfixes for certificate lists

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jul 28 10:58:56 CEST 2016


On Wed, Jul 27, 2016 at 11:56 PM, Tim Kosse
<tim.kosse at filezilla-project.org> wrote:
> Hi,
> could I please get some feedback on these patches?

They look good, thank you.

I didn't like that change though:
> - * a X.509 then a certificate list may be present.  The first
> - * certificate in the list is the peer's certificate, following the
> - * issuer's certificate, then the issuer's issuer etc.
> + * a X.509 then a certificate list may be present.  This list is not
> + * sorted.
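Review bot: the replacement wording "This list is not sorted." in this hunk overstates the situation and drops the one statement callers relied on, namely which element is the peer's own certificate. The list is handed back exactly as the peer sent it, and a conforming sender puts its own certificate first with each following certificate certifying the one before it (RFC 5246, section 7.4.2), so phrase it as "the list is returned in the order the peer sent it; peers are expected to send their own certificate first followed by the issuer chain, but this order is not guaranteed" rather than asserting the list is unsorted.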

I think it is more accurate to say that the list is provided as sent
by the server, and servers are expected to provide a sorted list. I've
added some text on these lines at the following merge request. Let me
know if that's ok.
https://gitlab.com/gnutls/gnutls/merge_requests/31

I wonder whether we need to add a certificate_get_peers function which
is guaranteed to return a sorted list (or modify that one to do so).

regards,
Nikos
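The function proposed above, one that returns the peer list in chain order regardless of how it was sent, needs a pass that finds the end-entity certificate and walks issuer links towards the root. The following is an added example of that pass, not GnuTLS code: `cert_t`, `order_chain` and the `demo_*` helpers are hypothetical names, and `strcmp` on constructed DN strings stands in for a real issuer check. It rejects rather than guesses when the list is not one unambiguous chain (two candidate leaves, a duplicated issuer, a loop, or unlinked leftovers).

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate: only the two fields a
 * chain-ordering pass needs. Real code would compare DNs with the
 * library's issuer check instead of strcmp on strings (assumption). */
typedef struct {
    const char *subject;
    const char *issuer;
} cert_t;

#define MAX_CERTS 16

/* Reorder `in` (the list exactly as the peer sent it, in any order) into
 * `out` so that out[0] is the end-entity certificate and out[i+1] is the
 * issuer of out[i]. Returns the number of certificates placed, or -1 when
 * no single unambiguous chain covers the whole list: no unique leaf, a
 * duplicated or ambiguous issuer, a loop, or leftover unlinked certs. */
int order_chain(const cert_t *in, int n, cert_t *out)
{
    int used[MAX_CERTS] = {0};
    int leaf = -1, cur, count = 0;

    if (n <= 0 || n > MAX_CERTS)
        return -1;

    /* The leaf is the one certificate whose subject issues nothing else. */
    for (int i = 0; i < n; i++) {
        int issues_something = 0;
        for (int j = 0; j < n; j++)
            if (i != j && strcmp(in[i].subject, in[j].issuer) == 0)
                issues_something = 1;
        if (!issues_something) {
            if (leaf != -1)
                return -1;      /* two candidate leaves: disconnected list */
            leaf = i;
        }
    }
    if (leaf == -1)
        return -1;              /* every cert issues another: a loop */

    /* Walk issuer links from the leaf towards the root. */
    cur = leaf;
    for (;;) {
        int next = -1;
        out[count++] = in[cur];
        used[cur] = 1;
        if (strcmp(in[cur].subject, in[cur].issuer) == 0)
            break;              /* self-signed root ends the chain */
        for (int j = 0; j < n; j++)
            if (!used[j] && strcmp(in[j].subject, in[cur].issuer) == 0) {
                if (next != -1)
                    return -1;  /* two certs claim to be the issuer */
                next = j;
            }
        if (next == -1)
            break;              /* issuer not sent (root usually omitted) */
        cur = next;
    }
    return count == n ? count : -1; /* leftovers mean the list was not one chain */
}

/* Constructed sample: a three-cert chain sent root-first, i.e. not in the
 * order the peer is expected to use. */
static const cert_t scrambled[3] = {
    { "CN=Example Root CA",         "CN=Example Root CA" },
    { "CN=www.example.com",         "CN=Example Intermediate CA" },
    { "CN=Example Intermediate CA", "CN=Example Root CA" },
};

/* Returns 1 if the scrambled list orders to leaf, intermediate, root. */
int demo_scrambled_reorders(void)
{
    cert_t out[3];
    int n = order_chain(scrambled, 3, out);
    return n == 3
        && strcmp(out[0].subject, "CN=www.example.com") == 0
        && strcmp(out[1].subject, "CN=Example Intermediate CA") == 0
        && strcmp(out[2].subject, "CN=Example Root CA") == 0;
}

/* Returns order_chain's result for a list with the intermediate sent
 * twice; the ambiguity is reported (-1) rather than resolved by guessing. */
int demo_duplicate_rejected(void)
{
    cert_t dup[3] = {
        { "CN=www.example.com",         "CN=Example Intermediate CA" },
        { "CN=Example Intermediate CA", "CN=Example Root CA" },
        { "CN=Example Intermediate CA", "CN=Example Root CA" },
    };
    cert_t out[3];
    return order_chain(dup, 3, out);
}

int main(void)
{
    printf("scrambled list reorders: %s\n", demo_scrambled_reorders() ? "yes" : "no");
    printf("duplicate intermediate: %d\n", demo_duplicate_rejected());
    return 0;
}
```

Refusing to return a partial or guessed order on ambiguous input is deliberate: a caller that trusts element 0 to be the peer's certificate is better served by an error than by a plausible-looking list built from a malformed one.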
