[gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Feb 21 11:08:07 CET 2022

Zoltán Fridrich commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849578988

> +
> +    DECR_LEN(data_size, algs_size);
> +    memcpy(algs, data + 1, algs_size);
> +    algs_size /= sizeof(uint16_t);
> +
> +    for (unsigned i = 0; i < algs_size; ++i) {
> +        tmp = _gnutls_read_uint16((uint8_t *)(algs + i));
> +        if (_gnutls_compress_certificate_num2method(tmp) == GNUTLS_COMP_UNKNOWN)
> +            return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +    }
> +
> +    memcpy(priv_algs, priv.data, priv.size);
> +    priv_algs_size = priv.size / sizeof(uint16_t);
> +
> +    for (unsigned i = 0; i < algs_size && method == GNUTLS_COMP_UNKNOWN; ++i)
> +        for (unsigned j = 0; j < priv_algs_size && method == GNUTLS_COMP_UNKNOWN; ++j)
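Review bot: the validation loop aborts the whole extension with GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER as soon as one advertised code is not a method `_gnutls_compress_certificate_num2method` recognizes, which will fail handshakes against peers that list a newer registry entry or an experimental-range code next to zlib/brotli/zstd; RFC 8879 does not require the receiver to recognize every listed code, so unknown entries can simply be skipped in the matching loop below, with the error reserved for malformed encodings. On the encoding side, `algs_size` is consumed as a byte count by `memcpy(algs, data + 1, algs_size)` and then divided by `sizeof(uint16_t)` without checking that it is nonzero, even, and (if `algs` is a fixed-size buffer declared above the hunk) no larger than that buffer; a guard such as `if (algs_size == 0 || algs_size % 2 != 0 || algs_size > sizeof(algs)) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);` ahead of the copy would close that, and `memcpy(priv_algs, priv.data, priv.size)` deserves the same bound check if `priv_algs` is likewise fixed-size.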

Does this make sense here?
Currently the peer's request has precedence over the locally supported compression list. That means, if the server requests the client to compress its cert, the server's requested methods will always have precedence. Analogously, it holds for the client. Would it make sense to prefer the server's compression list over the client's request?

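The precedence question above, as an added example that is not GnuTLS code: a small parser for the compress_certificate extension body (one length byte, then big-endian uint16 codes, as RFC 8879 specifies) with the structural checks the hunk lacks, plus a selection routine that can be run with either the peer's list or the local list as the preferred one. Method codes follow the RFC 8879 registry; COMP_UNKNOWN is a constructed sentinel standing in for GNUTLS_COMP_UNKNOWN, the function names are hypothetical, and the sample extension body and local preference list are constructed so that the two orderings visibly pick different methods.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Registry values from RFC 8879: zlib=1, brotli=2, zstd=3.
 * COMP_UNKNOWN is a constructed sentinel for "no common method". */
enum comp_method { COMP_UNKNOWN = 0, COMP_ZLIB = 1, COMP_BROTLI = 2, COMP_ZSTD = 3 };

#define MAX_ALGS 127 /* algorithms<2..2^8-2>: at most 254 bytes = 127 codes */

/* Parse the extension body: one length byte followed by uint16 codes.
 * Returns the number of codes written to out, or -1 if malformed. */
static int parse_compress_certificate(const uint8_t *data, size_t data_size,
                                      uint16_t *out, size_t out_cap)
{
    if (data_size < 1)
        return -1;
    size_t algs_size = data[0];
    /* vector must be non-empty, an even number of bytes, and fill the body */
    if (algs_size < 2 || (algs_size & 1) || algs_size + 1 != data_size)
        return -1;
    size_t n = algs_size / sizeof(uint16_t);
    if (n > out_cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint16_t)((data[1 + 2 * i] << 8) | data[2 + 2 * i]);
    return (int)n;
}

/* First entry of `preferred` that also appears in `other`.
 * Whichever list is passed as `preferred` decides the precedence. */
static enum comp_method select_method(const uint16_t *preferred, size_t npref,
                                      const uint16_t *other, size_t nother)
{
    for (size_t i = 0; i < npref; i++)
        for (size_t j = 0; j < nother; j++)
            if (preferred[i] == other[j])
                return (enum comp_method)preferred[i];
    return COMP_UNKNOWN;
}

/* Peer-first: the ordering the quoted hunk implements (peer outer loop). */
enum comp_method select_peer_first(const uint16_t *peer, size_t npeer,
                                   const uint16_t *local, size_t nlocal)
{
    return select_method(peer, npeer, local, nlocal);
}

/* Local-first: the alternative raised in the comment. */
enum comp_method select_local_first(const uint16_t *peer, size_t npeer,
                                    const uint16_t *local, size_t nlocal)
{
    return select_method(local, nlocal, peer, npeer);
}

/* Constructed sample body: length 4, then brotli (2) and zstd (3). */
static const uint8_t SAMPLE_EXT[] = { 0x04, 0x00, 0x02, 0x00, 0x03 };
/* Constructed malformed body: odd vector length (3). */
static const uint8_t SAMPLE_BAD_EXT[] = { 0x03, 0x00, 0x02, 0x00 };
/* Constructed local preference: zstd first, then brotli, then zlib. */
static const uint16_t SAMPLE_LOCAL[] = { COMP_ZSTD, COMP_BROTLI, COMP_ZLIB };
#define SAMPLE_LOCAL_N (sizeof(SAMPLE_LOCAL) / sizeof(SAMPLE_LOCAL[0]))

/* Parse a wire body and select against SAMPLE_LOCAL with the chosen
 * precedence. Returns COMP_UNKNOWN on a malformed body or no overlap. */
enum comp_method pick_from_wire(const uint8_t *ext, size_t ext_size, int local_first)
{
    uint16_t peer[MAX_ALGS];
    int n = parse_compress_certificate(ext, ext_size, peer, MAX_ALGS);
    if (n < 0)
        return COMP_UNKNOWN;
    return local_first ? select_local_first(peer, (size_t)n, SAMPLE_LOCAL, SAMPLE_LOCAL_N)
                       : select_peer_first(peer, (size_t)n, SAMPLE_LOCAL, SAMPLE_LOCAL_N);
}

int main(void)
{
    printf("peer-first:  %d\n", pick_from_wire(SAMPLE_EXT, sizeof SAMPLE_EXT, 0));
    printf("local-first: %d\n", pick_from_wire(SAMPLE_EXT, sizeof SAMPLE_EXT, 1));
    printf("malformed:   %d\n", pick_from_wire(SAMPLE_BAD_EXT, sizeof SAMPLE_BAD_EXT, 0));
    return 0;
}
```

With the same two lists, peer-first yields brotli and local-first yields zstd, which is exactly the difference the comment asks about; the side that owns the certificate is the one doing the compression work, so letting its own list decide is the option that keeps that cost under local control.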

