[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 29 00:16:39 CET 2018


Tom commented on a discussion on lib/cert-cred-rawpk.c:

> + * to prove the authenticity of this key. The keypair can be used during
> + * a TLS handshake but its authenticity should be established via a
> + * different mechanism (e.g. TOFU or known fingerprint).
> + *
> + * The supported formats are basic unencrypted key, PKCS8, PKCS12,
> + * and the openssl format and will be autodetected.
> + *
> + * If the raw public-key and the private key are given in PEM encoding
> + * then the strings that hold their values must be null terminated.
> + *
> + * Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
> + * set because there is no certificate structure around the key to define
> + * this value. See for more info gnutls_x509_crt_get_key_usage().
> + *
> + * Note that, this function by default returns zero on success and a
> + * negative value on error. Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2

To be honest, I think that this cert API v2 is not the best solution for the problem. In my opinion it is not consistent with the rest of the API, where only status codes are returned. I think it would have been nicer to let all functions return only a status code. If you want to return another value, you should do it via a parameter. I actually wanted to start a separate discussion about this topic. Is it okay if we discuss that in a separate issue?

Just tell me how you want me to update this new API and I will change it. I think that it would be nice to leave it this way for consistency reasons with the rest of the cert API. But it's your call.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_120908676