[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Nov 20 13:52:55 CET 2018
Nikos Mavrogiannopoulos started a new discussion on lib/auth/cert.c:
> + * <length++certificate> where
> + * length = 3 bytes and
> + * certificate = length bytes.
> + */
> + ret = _gnutls_buffer_append_data_prefix(data, 24,
> + apr_cert_list[0].cert.data,
> + apr_cert_list[0].cert.size);
> +
> + if (ret < 0) return gnutls_assert_val(ret);
> +
> + return data->length;
> + } else {
> + /* We found more than one certificate. In that case we don't know
> + * which one to send, therefore we send nothing.
> + */
> + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); // TODO maybe introduce new error type GNUTLS_E_RAWPK_TOO_MANY_KEYS_GIVEN?
I think it may be better to make that an impossible situation to happen during a handshake, i.e., check on input that the number of certificates given is the expected one. Introducing an error code would make sense if that's something to be triggered by reasonable code.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_118714546
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181120/7e3c84da/attachment.html>
More information about the Gnutls-devel
mailing list