[gnutls-devel] GnuTLS | gnutls_certificate_type_get*: ensure that the default type is returned (!806)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 15 11:17:07 CET 2018

Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c:

>  		dst->prf = src->prf; \
>  		dst->grp = src->grp; \
>  		dst->pversion = src->pversion; \
> +		dst->client_ctype = src->client_ctype; \
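
Review bot: the added `dst->client_ctype = src->client_ctype;` copy is unconditional, so a `src` whose `client_ctype` was never filled in overwrites `dst` with zero instead of leaving the default in place. Either copy only when the source value is set, or make sure the source is populated before this macro runs, and cover the path with a resumption test that checks the certificate type. Only the client side is visible in this hunk; if a server-side certificate type is kept alongside it, it needs the same handling.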

Thanks for that, I remembered we had discussed it but had lost the details. It seems that we didn't have a test for certificate types and resumption, and it never worked. Now when resuming under TLS1.3 the certificate type is changed from the default X509 to zero. That is, while the copy from resumed parameters to active session is done, the negotiated parameters are not stored in the resumed parameters when packing; and this copy that I replaced was actually setting a certificate type of zero. This made applications like lftp fail when using gnutls 3.6.4, due to an unexpected certificate type when checking it on a resumed session. That's why I'm reverting that change and ensuring that we test the expected behavior in terms of certificate type.

Given that the intended use never worked, we should correctly fix it on the rfc7250, and also add a test which guarantees that certificate types are correctly seen when resuming a session.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/806#note_117467884
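
A simplified model of the failure described in the message above, added here as an example; it is not GnuTLS code and not part of the original email. The struct, function names and sample values are hypothetical; it shows how a field left out of the packed resumption data comes back as zero, how an unconditional copy carries that zero into the active session, and how a getter that falls back to the default hides it from the application.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not GnuTLS code. 0 means "nothing was stored". */
enum ctype { CT_UNSET = 0, CT_X509 = 1 };

struct params { uint16_t prf, grp, pversion; enum ctype client_ctype; };

/* Packing for resumption: as in the bug described, the ctype is not written. */
static void pack_params(const struct params *p, uint8_t *buf)
{
	uint16_t f[3] = { p->prf, p->grp, p->pversion };
	memcpy(buf, f, sizeof f);
}

/* Unpacking: any field absent from the packed data stays zero. */
static void unpack_params(const uint8_t *buf, struct params *p)
{
	uint16_t f[3];
	memcpy(f, buf, sizeof f);
	memset(p, 0, sizeof *p);
	p->prf = f[0]; p->grp = f[1]; p->pversion = f[2];
}

/* Resume: unconditional copy, so the zero ctype replaces the default. */
static void resume_copy(struct params *dst, const struct params *src)
{
	dst->prf = src->prf; dst->grp = src->grp; dst->pversion = src->pversion;
	dst->client_ctype = src->client_ctype;
}

/* Hypothetical getter that reports the default when nothing was stored. */
static enum ctype get_client_ctype(const struct params *p)
{
	return p->client_ctype == CT_UNSET ? CT_X509 : p->client_ctype;
}

/* Full handshake -> pack -> unpack -> resume, with constructed sample values. */
static struct params resume_roundtrip(void)
{
	struct params full = { 1, 29, 0x0304, CT_X509 }, stored, active = full;
	uint8_t packed[sizeof(uint16_t) * 3];
	pack_params(&full, packed);
	unpack_params(packed, &stored);
	resume_copy(&active, &stored);
	return active;
}
```

A resumption test of the kind the message asks for would assert on the value the application sees after the round trip, not only on the full handshake.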