[gnutls-devel] GnuTLS | gnutls-cli skips the whole compressed certificate negotiation when unknown algo is provided among known (#1587)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Sep 27 12:00:23 CEST 2024
George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1587
## Description of problem:
When we are using --compress-cert with a known algorithms (e.g. --compress-cert zlib) the compressed certificate is negotiated normally but when we have one unknown and some known algorithms (e.g. --compress-cert zlib --compress-cert brotli --compress-cert bla) then client skips the compressed certificate extension altogether. We should skip the unknown compression algorithms and keep the known ones.
## Version of gnutls used:
gnutls-3.8.7
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and fedora
## How reproducible:
always
Steps to Reproduce:
* run "gnutls-cli -V --x509keyfile client.key --x509certfile client.cert -p 4433 --compress-cert zlib --compress-cert bla localhost"
## Actual results:
Compressed certificate is not negotiated at all.
## Expected results:
Compressed certificate will be negotiated with zlib only.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1587
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240927/e057c0fa/attachment.html>
More information about the Gnutls-devel
mailing list