[gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Feb 10 08:39:32 CET 2022




Daiki Ueno commented:


Looks great in general; I've tried to connect to facebook.com with the following change:
```diff
diff --git a/src/cli.c b/src/cli.c
index 5378b72256..66bc67eb9f 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -723,6 +723,8 @@ gnutls_session_t init_tls_session(const char *host)
        int ret;
        unsigned i;
        gnutls_session_t session;
+        gnutls_compression_method_t algs[] = { GNUTLS_COMP_ZLIB };
+        gnutls_datum_t methods = { (unsigned char *)algs, 1 };
 
        if (udp) {
                gnutls_init(&session, GNUTLS_DATAGRAM | init_flags);
@@ -731,6 +733,12 @@ gnutls_session_t init_tls_session(const char *host)
        } else
                gnutls_init(&session, init_flags);
 
+        ret = gnutls_compress_certificate_set_methods(session, &methods);
+       if (ret < 0) {
+               fprintf(stderr, "Could not set certificate compression methods: %s\n", gnutls_strerror(ret));
+               exit(1);
+       }
+
        if (priorities == NULL) {
                ret = gnutls_set_default_priority(session);
                if (ret < 0) {
```

Perhaps it might be useful to have an option, say `--compress-cert=METHODS`, for `gnutls-cli` and `gnutls-serv` for interop testing?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_838165199
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220210/3d07d045/attachment.html>


More information about the Gnutls-devel mailing list