[gnutls-devel] GnuTLS | gnutls_priority_init: ignore CTYPE-OPENPGP options (!789)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 1 13:13:18 CET 2018


Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c:

> +							cert_type_priority_all);
>  					} else if ((algo = gnutls_certificate_type_get_id
> -							(&broken_list[i][11])) != GNUTLS_CRT_UNKNOWN)
> -					{ // Specific server cert type allowed
> +							(&broken_list[i][11])) != GNUTLS_CRT_UNKNOWN) {
> +							// Specific server cert type allowed
>  						fn(&(*priority_cache)->server_ctype, algo);
>  					} else goto error;
>  				} else { // Symmetric certificate type
>  					if ((algo = gnutls_certificate_type_get_id
> -					     (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN)
> -					{
> +					     (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) {
>  						fn(&(*priority_cache)->client_ctype, algo);
>  						fn(&(*priority_cache)->server_ctype, algo);
> +					} else if (strncasecmp(&broken_list[i][1], "CTYPE-OPENPGP", 13) == 0) {

That's my understanding too, and the unit test added actually verifies that this works.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/789#note_113767416
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181101/26c95ad0/attachment.html>


More information about the Gnutls-devel mailing list