[gnutls-devel] GnuTLS | Forbid uncolicited CompressedCertificate messages (!1678)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Dec 9 08:49:33 CET 2022
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1678 was reviewed by Daiki Ueno
--
<!-- Get preloaded note discussion-->
Daiki Ueno started a new discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791471
> + * returns 0 otherwise
> + */
> +int
Let's use `bool` for internal functions.
--
<!-- Get preloaded note discussion-->
Daiki Ueno started a new discussion on lib/tls13/certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791481
> if (ret < 0) {
> gnutls_assert();
> gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE);
I think you can simply return `ret` instead of manually sending a specific alert. Then the error is mapped with `gnutls_error_to_alert` and an alert will be sent accordingly.
--
<!-- Get preloaded note discussion-->
Daiki Ueno started a new discussion on lib/gnutls_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678#note_1202791485
>
> + /* Indicates whether certificate compression has been requested */
> + bool compress_certificate_req_sent;
I would use `session->internals.hsk_flags` instead of introducing a new field (so we don't need to care about its cleanup).
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1678
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20221209/d520c38d/attachment-0001.html>
More information about the Gnutls-devel
mailing list