[gnutls-devel] GnuTLS | gnutls_certificate_type_get*: ensure that the default type is returned (!806)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 18 19:53:13 CET 2018

Nikos Mavrogiannopoulos commented on a discussion on lib/constate.c:

>  		dst->prf = src->prf; \
>  		dst->grp = src->grp; \
>  		dst->pversion = src->pversion; \
> +		dst->client_ctype = src->client_ctype; \

> One important question is now whether this is an unforeseen use case in the spec and whether the spec should be updated to ensure consistent behavior between different implementations?

> How bad is it so deviate from the spec to prevent the possibility to end up in an unwanted scenario?

The immediate or short term concern is none. Note also that this is not about the spec, but about the behavior of our API/ABI. The spec allows a very large set of options, but our API is always more restricted (we don't support all possible TLS extensions, nor all possible X.509 extensions either). It is about documenting it, and possibly creating an issue to track it if we believe that use case is something to worry about (most likely you know more on whether this use case makes sense).

Anyway let's separate the future handling of the certificate types from this fix. I believe that this fix should be part of 3.6.5 to address the known regressions.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/806#note_118094988
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181118/418fad50/attachment-0001.html>

More information about the Gnutls-devel mailing list