[gnutls-devel] RFC 7250 and API change
Rick van Rein
rick at openfortress.nl
Mon May 2 09:48:15 CEST 2016
Thanks for sharing your thoughts.
Relying on an explicit indication from the application that it can handle RFC 7250 does avoid problems in applications. Its downside is that the acceptance of RFC 7250 is an explicit choice, and will require that explicit choice forever. Or do you see a future path of phasing out gnutls_certificate_type_get() in favour of separate client/server certtypes?
Another form of explicit indiciation could be the priority string, by the way. That would combine nicely with a migration to independent client/server certtypes, with a change to the default CTYPE-xxx changes; as soon as CTYPE-RAW and/or CTYPE-KRB are mentioned, it ought to be clear that client and server can each have their own certtype. A remaining concern would be what to do with CTYPE-ALL though.
More information about the Gnutls-devel