[gnutls-devel] GnuTLS | RFC7250 certificate type negotiation (!498)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon Aug 20 11:30:45 CEST 2018
Nikos Mavrogiannopoulos started a new discussion on lib/ext/server_cert_type.c:
> ssize_t len = data_size;
> const uint8_t* pdata = data;
> - /* Only activate this extension if cert type negotiation is enabled
> - * and we have cert credentials set */
> + /* Only activate this extension if cert type negotiation is enabled,
> + * we are not resuming a session and we have cert credentials set */
> if (!_gnutls_has_negotiate_ctypes(session) ||
> + gnutls_session_is_resumed(session) ||
I think given the previous discussion (that under TLS1.3 the psk extension is last), the `gnutls_session_is_resumed` does not help here.
Under TLS1.2 or earlier if we are resuming only the extensions of type `GNUTLS_EXT_MANDATORY` are parsed (thus not this one), and under TLS1.3 `gnutls_session_is_resumed` will not be active already. As such I think what you suggested (negotiating and ignoring the value), the the only option.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/498#note_95465221
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel