[gnutls-devel] GnuTLS | Draft: restrict allowlisting api to before priority string initialization (!1533)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Feb 14 19:45:03 CET 2022



Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533

Project:Branches: asosedkin/gnutls:restrict-allowlisting-api to gnutls/gnutls:master
Author:   Alexander Sosedkin




This is an attempt to defer TLS priority string generation from allowlisting config and then restrict `gnutls_protocol_set_enabled` to the time window between config loading and TLS priority string initialization. This will really really simplify the config / API / priority string interplay. If we also disable live config reloading, we'll have these three phases happening strictly sequentially, which would be the easiest to reason about.

This is an attempt to generate priority string from `->supported`.
The roadblock I've hit now is the ordering; since priority string order is significant, we can't just iterate in some fixed order, guess we'd have to honor config order + append what's enabled through new API in enabling order. That'd necessitate the new API to work on the config struct arrays order.

Not ready yet, but publishing for visibility.

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533
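
The sequencing described in the merge request above, sketched as a small stand-alone C model; this is an added example, not code from the merge request or from GnuTLS. Assumptions: every name here (`struct allowlist`, `config_add`, `config_done`, `protocol_set_enabled`, `priority_init`) is hypothetical, re-enabling a disabled protocol appends it at the end, and the `+VERS-` rendering is a simplified stand-in for the generated priority string.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not GnuTLS code: the three phases run strictly in sequence. */
enum phase { PHASE_LOADING, PHASE_CONFIGURED, PHASE_PRIORITY_SET };
#define MAX_PROTOS 8
struct allowlist {
    enum phase phase;
    const char *order[MAX_PROTOS]; /* config order, then API enabling order */
    size_t n;
};
static int find(const struct allowlist *a, const char *name) {
    for (size_t i = 0; i < a->n; i++)
        if (strcmp(a->order[i], name) == 0) return (int)i;
    return -1;
}
/* Phase 1, config loading: keep protocols in the order the config lists them. */
int config_add(struct allowlist *a, const char *name) {
    if (a->phase != PHASE_LOADING || a->n == MAX_PROTOS) return -1;
    if (find(a, name) < 0) a->order[a->n++] = name;
    return 0;
}
void config_done(struct allowlist *a) { a->phase = PHASE_CONFIGURED; }
/* Phase 2: stand-in for the restricted API; rejected outside the window. */
int protocol_set_enabled(struct allowlist *a, const char *name, int enabled) {
    if (a->phase != PHASE_CONFIGURED) return -1;
    int i = find(a, name);
    if (enabled && i < 0) {
        if (a->n == MAX_PROTOS) return -1;
        a->order[a->n++] = name; /* appended in enabling order (assumed) */
    } else if (!enabled && i >= 0) {
        memmove(&a->order[i], &a->order[i + 1], (a->n - i - 1) * sizeof a->order[0]);
        a->n--;
    }
    return 0;
}
/* Phase 3: build the priority string from the ordered list, then freeze. */
int priority_init(struct allowlist *a, char *out, size_t len) {
    if (a->phase != PHASE_CONFIGURED || len == 0) return -1;
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < a->n; i++) {
        int w = snprintf(out + used, len - used, "%s+VERS-%s", i ? ":" : "", a->order[i]);
        if (w < 0 || (size_t)w >= len - used) return -1;
        used += (size_t)w;
    }
    a->phase = PHASE_PRIORITY_SET;
    return 0;
}
```

Because the list is frozen once the string is built, a late call cannot silently diverge from the priority string already in use; it fails instead.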