[gnutls-devel] GnuTLS | Enhance gnutls-cli to request RSA or ECDSA certificate (#855)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Oct 26 18:24:26 CEST 2019



Dilyan Palauzov created an issue: https://gitlab.com/gnutls/gnutls/issues/855



When a server offers several certificates, openssl s_client can request from the server RSA certificate using "-sigalgs 'RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1'" and EC certificate using "-sigalgs 'ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512'".  This works for both TLS 1.2 and TLS 1.3. In gnutls-cli 3.6.5 I do not see such fuction.  Neither I see in the output of `gnutls-cli -l` anything with PSS.

* Enhance gnutls-cli to be able to retrieve from the server the RSA or the EC certificatate, as the further checks, DANE, OCSP are performed towards the returned certificate and one wants to validate all certificates

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/855
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191026/34d9bed2/attachment.html>


More information about the Gnutls-devel mailing list