[gnutls-devel] GnuTLS | Workaround for SChannel limitations (!1138)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Dec 27 23:08:31 CET 2019




Dmitry Eremin-Solenikov commented on a discussion on lib/ext/signature.c: https://gitlab.com/gnutls/gnutls/merge_requests/1138#note_265479544

> +		else if (cert_algo == GNUTLS_PK_GOST_12_256)
> +			dig = GNUTLS_DIG_STREEBOG_256;
> +		else if (cert_algo == GNUTLS_PK_GOST_12_512)
> +			dig = GNUTLS_DIG_STREEBOG_512;
> +		else
> +			dig = GNUTLS_DIG_SHA1;
> +
> +		ret = gnutls_pk_to_sign(cert_algo, dig);
> +
> +		if (!client_cert && _gnutls_session_sign_algo_enabled(session, ret) < 0)
> +			goto fail;
> +		return ret;
> +	}
> +#endif
> +
>  	if (ret < 0 || !_gnutls_version_has_selectable_sighash(ver)) {
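
Review bot: in the `else` fallback and the `return ret;` that follows, the result of `gnutls_pk_to_sign(cert_algo, dig)` is never compared against `GNUTLS_SIGN_UNKNOWN`, and the only validation, `_gnutls_session_sign_algo_enabled(session, ret) < 0`, is skipped whenever `client_cert` is set. For a client certificate whose `cert_algo` falls through to `GNUTLS_DIG_SHA1`, this branch can therefore return either an unknown algorithm or a SHA-1 based one that the session priorities have disabled. Consider adding `if (ret == GNUTLS_SIGN_UNKNOWN) goto fail;` right after the `gnutls_pk_to_sign()` call, plus a short comment explaining why the enabled check is bypassed for client certificates.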

I've changed the code to set `priv` to `NULL` if there was no extension present. Then the code can use the `if (!priv)` condition.
