[gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu May 9 22:01:05 CEST 2019
Merge request https://gitlab.com/gnutls/gnutls/merge_requests/985 was reviewed by Nikos Mavrogiannopoulos
--
Nikos Mavrogiannopoulos started a new discussion on lib/libgnutls.map: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480324
> gnutls_pcert_import_rawpk_raw;
> gnutls_prf_early;
> + gnutls_record_set_max_recv_size;
Shouldn't this and `gnutls_prf_early` be on the 3_6_8 version?
--
Nikos Mavrogiannopoulos started a new discussion on tests/tls-record-size-limit-asym.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480325
> + },
> + {
> + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2",
Any reason this shouldn't be tested under TLS1.3 (and the default version) as well?
--
Nikos Mavrogiannopoulos started a new discussion on tests/tls-record-size-limit-asym.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480326
> + serverx509cred);
> +
> + gnutls_priority_set_direct(server, test->prio, NULL);
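Review bot: the error-position argument in `gnutls_priority_set_direct(server, test->prio, NULL)` is NULL and the return value is discarded, so a bad `test->prio` string would neither stop the test nor say which token was rejected. Suggest checking the return code and passing a `const char *` for the last argument so the failure message can print the offending part of the priority string.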
This could fail if the priority string in the test is malformed.
--
Nikos Mavrogiannopoulos started a new discussion on tests/tls-record-size-limit-asym.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480327
> + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM);
> + if (ret < 0)
> + exit(1);
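Review bot: the `if (ret < 0)` branch exits without reporting `ret`, so a failed `gnutls_certificate_set_x509_trust_mem()` call is indistinguishable from any other setup error in the test log. Suggest including `gnutls_strerror(ret)` in the failure message.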
Using `fail` instead of `exit` will print the line number of the failure, and that can be useful during debugging of an issue.
--
Nikos Mavrogiannopoulos started a new discussion on tests/tls-record-size-limit-asym.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480328
> + global_init();
> +
> + /* General init. */
It may be a good idea to assign a name to the test and print here the name of the test started. Otherwise a failure will not be easy to pinpoint without following the test with a debugger.
--
Nikos Mavrogiannopoulos started a new discussion on lib/ext/max_record.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_168480330
> + *
> + * Deprecated: if the client can assume that the 'record size limit'
> + * extension is supported by the server, it had better use
I think the "had" should be "should" if I understand the meaning correctly. What if we say "We recommend to use `gnutls_record_set_max_recv_size()` in new applications"?