<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #777777;">
<a href="https://gitlab.com/Vrancken">Tom</a>
commented on a discussion
on <a href="https://gitlab.com/gnutls/gnutls/merge_requests/806#note_118013331">lib/constate.c</a>:
</p>
<table>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="743" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
743
</td>
<td class="diff-line-num new_line" data-linenumber="743" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
743
</td>
<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC743" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">          dst->prf = src->prf; \</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="744" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
744
</td>
<td class="diff-line-num new_line" data-linenumber="744" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
744
</td>
<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC744" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">          dst->grp = src->grp; \</span></span>
</pre>
</td>
</tr>
<tr class="line_holder" id="">
<td class="diff-line-num old_line" data-linenumber="745" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
745
</td>
<td class="diff-line-num new_line" data-linenumber="745" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
745
</td>
<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">
<pre style="margin: 0;"> <span id="LC745" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">          dst->pversion = src->pversion; \</span></span>
</pre>
</td>
</tr>
<tr class="line_holder new" id="">
<td class="diff-line-num new old_line" data-linenumber="746" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="diff-line-num new new_line" data-linenumber="746" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
746
</td>
<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">
<pre style="margin: 0;">+<span id="LC746" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">          dst->client_ctype = src->client_ctype; \</span></span>
</pre>
</td>
</tr>

</table>
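<p dir="auto">Review bot: copying only <code>client_ctype</code> at line 746 looks incomplete if the same structure also carries the server-side certificate type negotiated for the session; the thread is about certificate-type mismatches on resumption in general, so if such a field exists it should be packed by the same macro, otherwise a resumed session restores the client's type but not the server's. A short comment above the new line stating why this field must survive resumption (the reasoning given in the thread) would also help, since the macro body itself gives no hint why these particular fields are copied.</p>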
<div>
<p dir="auto">A cert type / cert mismatch can indeed lead to parsing / interpretation problems and should therefore be avoided, I think. Therefore I think that the solution to pack the originally negotiated params is our best option.</p>
<blockquote dir="auto" style="color: #7f8fa4; border-left-width: 3px; border-left-color: #eaeaea; border-left-style: solid; margin: 0; padding: 0 0 0 15px;">
<p>if the resumed session negotiates a different certificate than the original one, then all the authentication info data (i.e., certificates from the original session) are cleared up. That way the application will see an empty certificate, and could use the new certificate type in a potential post-handshake auth.</p>
</blockquote>
<p dir="auto">Indeed, I don't know whether that is a scenario that will be used, but if we want to allow it, I think this would be a good solution, yes. That means that we have to build some extra checks into the cert type negotiation extensions.</p>
<p dir="auto">One important question is now whether this is an unforeseen use case in the spec and whether the spec should be updated to ensure consistent behavior between different implementations?</p>
<p dir="auto">How bad is it to deviate from the spec to prevent the possibility of ending up in an unwanted scenario?</p>
</div>


</div>
</body>
</html>