[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 27 15:47:09 CET 2018

Nikos Mavrogiannopoulos commented on a discussion on lib/cert-cred-rawpk.c:

> + * to prove the authenticity of this key. The keypair can be used during
> + * a TLS handshake but its authenticity should be established via a
> + * different mechanism (e.g. TOFU or known fingerprint).
> + *
> + * The supported formats are basic unencrypted key, PKCS8, PKCS12,
> + * and the openssl format and will be autodetected.
> + *
> + * If the raw public-key and the private key are given in PEM encoding
> + * then the strings that hold their values must be null terminated.
> + *
> + * Key usage (as defined by X.509 extension ( can be explicitly
> + * set because there is no certificate structure around the key to define
> + * this value. See for more info gnutls_x509_crt_get_key_usage().
> + *
> + * Note that, this function by default returns zero on success and a
> + * negative value on error. Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2

I am not sure. The goal for V2 was not to provide an option to the caller, but to prevent callers which assumed that zero is the returned value not to break. That is it was a necessary change to maintain backwards compatibility. We have no requirement to have this API backwards compatible because it is a new one.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_120443655
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181127/27961f08/attachment-0001.html>

More information about the Gnutls-devel mailing list