[gnutls-devel] GnuTLS | WIP: RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Sep 14 13:35:14 CEST 2018


Two more comments: the certificate setter functions `gnutls_certificate_set_rawpk_keypair_raw` and `gnutls_certificate_set_rawpk_keypair` are not as easy to use when working with files. What about this idea: add a flag to `gnutls_certificate_set_x509_key_file2` and `gnutls_certificate_set_x509_key_mem2` to force it to load a raw public key? That way we also reduce the number of added functions.

The other is that it would be very good to tie the raw public keys with the TOFU validation (`gnutls_verify_stored_pubkey`, `gnutls_store_pubkey`) in documentation and examples. It ties very well with the raw keys, and makes them fully functional and secure. This subsystem, however, needs some tweaks to work with raw keys.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_101413544