[gnutls-devel] GnuTLS | When negotiating TLS1.3 enforce certificate key usage (!902)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Feb 6 09:59:12 CET 2019


Tim Rühsen commented on a discussion on lib/auth/cert.c:

>  	 * length = 3 bytes and
>  	 * certificate = length bytes.
>  	 */
> -	ret = _gnutls_buffer_append_data_prefix(data, 24,
> -					apr_cert_list[0].cert.data,
> -					apr_cert_list[0].cert.size);
> +
> +	if (apr_cert_list_length == 0) {
> +		ret = _gnutls_buffer_append_prefix(data, 24, 0);
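
Review bot: The comment above the new `apr_cert_list_length == 0` branch still reads "length = 3 bytes and certificate = length bytes" and does not say that an empty list is sent as a zero length with no certificate bytes; please extend it to cover that case. The quoted lines also stop right after `ret = _gnutls_buffer_append_prefix(data, 24, 0);`, so confirm that `ret` is checked before the function continues and that the path replacing the removed `apr_cert_list[0]` access is only reached when the list is non-empty.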

Scanned the source... 24 is the number of bits taken from argument 4 (size) to be put into 'data' using the correct byte-order (endianness). We possibly could split `_gnutls_buffer_append_prefix` into `_gnutls_buffer_append_prefix8, _gnutls_buffer_append_prefix16, _gnutls_buffer_append_prefix24, _gnutls_buffer_append_prefix32` to have static inline functions without error checking.

That way the code would also be much more readable, IMO. But this is not part of this issue ;-)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/902#note_138658627
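
The 24-bit, most-significant-byte-first length prefix discussed in this message, including the zero-length case from the quoted hunk, as an added example that is not GnuTLS code and not part of the thread. The names `put_prefix` and `put_cert` are hypothetical, and unlike the variants proposed above this sketch keeps range checks so an oversized length is rejected instead of truncated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not GnuTLS code): write the low `bits` bits of value
 * most significant byte first. Returns bytes written, or -1 when bits is not
 * 8/16/24/32, value does not fit, or out[] is too small. */
static int put_prefix(unsigned char *out, size_t cap, unsigned bits, uint32_t value)
{
	size_t n = bits / 8;

	if (bits % 8 != 0 || n < 1 || n > 4 || cap < n)
		return -1;
	if (bits < 32 && (value >> bits) != 0)
		return -1; /* would be silently truncated on the wire */
	for (size_t i = 0; i < n; i++)
		out[i] = (unsigned char)(value >> (8 * (n - 1 - i)));
	return (int)n;
}

/* One certificate field: 24-bit length, then the bytes. len == 0 models the
 * empty-list branch and yields 00 00 00. */
static int put_cert(unsigned char *out, size_t cap, const unsigned char *cert, size_t len)
{
	int n;

	if (len > 0xFFFFFF)
		return -1;
	n = put_prefix(out, cap, 24, (uint32_t)len);
	if (n < 0 || cap - (size_t)n < len)
		return -1;
	if (len > 0)
		memcpy(out + n, cert, len);
	return n + (int)len;
}

int main(void)
{
	const unsigned char sample[] = { 0x30, 0x03, 0x02, 0x01, 0x05 }; /* constructed bytes */
	unsigned char buf[16];
	int n = put_cert(buf, sizeof buf, sample, sizeof sample);

	for (int i = 0; i < n; i++)
		printf("%02x ", buf[i]);
	printf("\n");
	return n == 8 ? 0 : 1;
}
```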