[gnutls-devel] GnuTLS | Support for raw public keys for gnutls-cli and gnutls-serv (!1059)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Sep 8 12:00:46 CEST 2019




Nikos Mavrogiannopoulos commented on a discussion on src/cli.c: https://gitlab.com/gnutls/gnutls/merge_requests/1059#note_213865331

>  const char *x509_cafile = NULL;
>  const char *x509_crlfile = NULL;
>  static int x509ctype;
> +const char *rawpk_keyfile = NULL;
> +const char *rawpk_file = NULL;
>  static int disable_extensions;
>  static int disable_sni;
> -static unsigned int init_flags = GNUTLS_CLIENT;
> +static unsigned int init_flags = GNUTLS_CLIENT | GNUTLS_ENABLE_RAWPK;
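
Review bot: `GNUTLS_ENABLE_RAWPK` should not be part of the static initializer of `init_flags` (last line of the hunk), because it is then set on every run, including runs where `rawpk_keyfile` and `rawpk_file` keep their NULL defaults. Keep the initializer as `GNUTLS_CLIENT` and OR the flag in only once the user has asked for raw public keys, for example when one of the two new file pointers is non-NULL or an explicit option is given, so that default negotiation against existing servers is unchanged.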

I am not sure that without any test to check `gnutls-cli`'s behavior with raw public keys we can claim that it can handle them confidently. Nevertheless, I find it a regression for the tool to suddenly start negotiating raw public keys with an existing server where previously it would negotiate pkix. It should be up to the user to enable that behavior explicitly (especially given that gnutls-cli is mainly used as a testing tool, such a regression can break test cases).
