[gnutls-devel] GnuTLS | OpenSSL IPv6 PSK Incompatibility (#683)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 24 17:54:02 CET 2019


> What about using GNUTLS_E_UNRECOGNIZED_NAME instead of GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER (in server_name.c / _gnutls_server_name_recv_params()) ?

IMO illegal_parameter is more appropriate here according to the RFC:
```
   illegal_parameter:  A field in the handshake was incorrect or
      inconsistent with other fields.  _This alert is used for errors
      which conform to the formal protocol syntax but are otherwise
      incorrect._
```
and
```
   unrecognized_name:  Sent by servers when no server exists identified
      by the name provided by the client via the "server_name" extension
      (see [RFC6066]).
```
That would allow clients to distinguish whether the error is at the protocol level or the configuration level.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/683#note_134637845
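
The distinction drawn in the message above, as an added example (not GnuTLS code and not part of the original mail): a server-side check that returns `illegal_parameter` (47) when a parsed `server_name` value is itself invalid and `unrecognized_name` (112) when the value is valid but no such server is configured. The function names, the hostname validity rule and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* TLS AlertDescription values (RFC 8446 section 6; 112 originates in RFC 6066). */
enum { ALERT_NONE = 0, ALERT_ILLEGAL_PARAMETER = 47, ALERT_UNRECOGNIZED_NAME = 112 };

static int lower(int c) { return (c >= 'A' && c <= 'Z') ? c + 32 : c; }

/* Assumed validity rule for this sketch: letters, digits, '-' and '.', no empty
 * label, no trailing dot, at most 255 bytes, at least one letter. IP literals,
 * which RFC 6066 forbids in HostName, fail on ':' or on being all-numeric. */
static int hostname_ok(const unsigned char *s, size_t len)
{
    size_t i, label = 0;
    int alpha = 0;
    if (len == 0 || len > 255) return 0;
    for (i = 0; i < len; i++) {
        int c = lower(s[i]);
        if (c == '.') { if (label == 0) return 0; label = 0; continue; }
        if (c >= 'a' && c <= 'z') alpha = 1;
        else if (!((c >= '0' && c <= '9') || c == '-')) return 0;
        label++;
    }
    return label > 0 && alpha;
}

/* Alert for a server_name value that parsed cleanly off the wire. */
int sni_alert(const unsigned char *name, size_t len, const char *const *served, size_t n)
{
    size_t i, j;
    if (!hostname_ok(name, len))
        return ALERT_ILLEGAL_PARAMETER;      /* protocol level: the field itself is wrong */
    for (i = 0; i < n; i++) {
        if (strlen(served[i]) != len) continue;
        for (j = 0; j < len && lower(served[i][j]) == lower(name[j]); j++) ;
        if (j == len) return ALERT_NONE;
    }
    return ALERT_UNRECOGNIZED_NAME;          /* configuration level: no such server */
}

int main(void)
{
    const char *const served[] = { "www.example.org" };      /* constructed config */
    const char *in[] = { "www.example.org", "other.example.org", "2001:db8::1" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> alert %d\n", in[i],
               sni_alert((const unsigned char *)in[i], strlen(in[i]), served, 1));
    return 0;
}
```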