[gnutls-devel] GnuTLS | cert auth: filter out unsupported cert types from TLS 1.2 CR (!1434)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 17 16:26:26 CEST 2021



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1434 was reviewed by Hubert Kario (@mention me if you need reply)

--
  
Hubert Kario (@mention me if you need reply) started a new discussion on tests/suite/tls-fuzzer/gnutls-cert.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1434#note_577035488

> +                         "-p", "@PORT@",
> +                         "-s", "sha256+rsa 8+9 8+4 sha256+ecdsa 8+7 sha384+rsa 8+10 8+5 sha384+ecdsa 8+8 sha512+rsa 8+11 8+6 sha512+ecdsa sha1+rsa sha1+ecdsa",
> +                         "check cert types in cert request"]
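
Review bot: on the last line the case is selected by its free-text name, "check cert types in cert request", so this entry silently depends on that exact string staying unchanged in the script. If the restriction to one case is intentional, say why in the merge request description; otherwise drop the name so the entry does not have to track renames in the script.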

Why not run all tests in the script?

--
  
Hubert Kario (@mention me if you need reply) started a new discussion on tests/suite/tls-fuzzer/gnutls-cert.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1434#note_577035491

> +                         "-c", "tests/clientX509Cert.pem",
> +                         "-p", "@PORT@",
> +                         "-s", "sha256+rsa 8+9 8+4 sha256+ecdsa 8+7 sha384+rsa 8+10 8+5 sha384+ecdsa 8+8 sha512+rsa 8+11 8+6 sha512+ecdsa sha1+rsa sha1+ecdsa",
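
Review bot: the "-s" value on the last line mixes symbolic pairs (sha256+rsa, sha1+ecdsa) with raw numeric ones (8+9, 8+4, 8+7, ...), and JSON leaves no room for a comment explaining them, so a reader has to look up each pair to know which schemes the expected list contains. In the TLS SignatureScheme registry 8+4 to 8+6 are rsa_pss_rsae_sha256/384/512, 8+7 is ed25519, 8+8 is ed448 and 8+9 to 8+11 are rsa_pss_pss_sha256/384/512; if the script accepts those names, spelling them out would make the expected order reviewable at a glance.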

Wouldn't it be more readable to use the following instead?
```
"-s", "sha256+rsa rsa_pss_pss_sha256 rsa_pss_rsae_sha256 sha256+ecdsa ed25519 sha384+rsa rsa_pss_pss_sha384 rsa_pss_rsae_sha384 sha384+ecdsa ed448 sha512+rsa rsa_pss_pss_sha512 rsa_pss_rsae_sha512 sha512+ecdsa sha1+rsa sha1+ecdsa",
```

