[gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Feb 21 10:57:08 CET 2022




Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849563413

> +int
> +gnutls_compress_certificate_set_methods(gnutls_session_t session, const gnutls_datum_t * methods)
> +{
> +    int ret, tmp;
> +    uint16_t priv_algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +    gnutls_compression_method_t algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +    gnutls_datum_t priv;
> +
> +    if (methods->size < MIN_COMPRESS_CERTIFICATE_METHODS ||
> +        methods->size > MAX_COMPRESS_CERTIFICATE_METHODS)
> +        return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +    memcpy(algs, methods->data, methods->size * sizeof(gnutls_compression_method_t));
> +
> +    for (unsigned i = 0; i < methods->size; ++i) {
> +        tmp = _gnutls_compress_certificate_method2num(algs[i]);
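
Review bot: the memcpy multiplies `methods->size` by `sizeof(gnutls_compression_method_t)`, while the range check above it and the loop below it treat the same field as an element count. A `gnutls_datum_t` size is normally a byte length, so a caller that follows that convention either fails the MAX_COMPRESS_CERTIFICATE_METHODS check or has more bytes read from `methods->data` than it supplied. `methods` is also dereferenced in the first check without a NULL test. Consider taking a typed array of gnutls_compression_method_t plus an explicit element count instead of a datum, and documenting the unit in the function comment.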

`GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` seems more appropriate, both when the methods->size check fails and when an unimplemented alg is provided.

I will also add an option to unset compression methods. When methods == NULL OR methods_len == 0, then unset compression methods. Because currently, if you set them, you wouldn't be able to unset them, as methods_len 0 would be an invalid param error.
