[gnutls-devel] GnuTLS | gnutls_certificate_type_get*: ensure that the default type is returned (!806)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 15 12:54:49 CET 2018

Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c:

>  		dst->prf = src->prf; \
>  		dst->grp = src->grp; \
>  		dst->pversion = src->pversion; \
> +		dst->client_ctype = src->client_ctype; \

> I understand. If I look at the packing code `session_pack.c` lines 913/914 I see that the cert types are only packed under TLS <1.3. Is this the desired behaviour or should we actually pack these params? 

It is also my understanding is that this will be sufficient, though I had no easy way to test it is functional.

> Or should these values be renegotiated under TLS 1.3? Is that the reason why you moved the `dst->client_ctype = src->client_ctype;` to within the if-block?

Indeed now, I enabled re-negotiating them; keeping that behavior though it will mean that on a resumed version which is PSK, if one asks for the original certificate of the session (which is possible), he may see a different certificate type depending on the subsequent negotiation.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/806#note_117502907
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181115/f61811bf/attachment.html>

More information about the Gnutls-devel mailing list