[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 25 12:37:19 CET 2018


Tom commented on a discussion on lib/auth/cert.c:

> +}
> +
> +
>  int
>  _gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data)
>  {
> -	switch (session->security_parameters.client_ctype) {
> -	case GNUTLS_CRT_X509:
> -		return gen_x509_crt(session, data);
> -	default:
> -		gnutls_assert();
> -		return GNUTLS_E_INTERNAL_ERROR;
> +	gnutls_certificate_type_t cert_type;
> +
> +	// Retrieve the (negotiated) certificate type for the client
> +	cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);
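
Review bot: the quoted hunk stops right after the added `cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);`, so the dispatch on `cert_type` that replaces the removed switch is not visible, and the fail-closed branch of the old code (`default:` with `gnutls_assert();` and `return GNUTLS_E_INTERNAL_ERROR;`) is among the removed lines. The new dispatch should keep an equivalent default so that a negotiated client certificate type with no matching generator returns an error instead of falling through. It would also help to state in the comment above the call that the value comes from the accessor and not from `session->security_parameters.client_ctype`, since that is the behavioural change in this function.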

I have a nice solution that brings us the best of both worlds. Hope you like it too. I've created a private inline copy of the function that can be called internally. This private function is then called from the API function. That gives us the optimization that you want and also a function that abstracts the internal data structure away. I think the second benefit of using this function is that it implements logic to retrieve the "ours" and "peers" certificate types. As you mentioned in one of your other comments, these modes can be used to optimize some of the code paths for certificate handling. Please take a look at the code and tell me what you think of it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_119833840