<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777777;">

<a href="https://gitlab.com/Vrancken">Tom</a>

commented on a discussion

on <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_119373137">lib/ext/client_cert_type.c</a>:

</p>

<table>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="201" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

201

</td>

<td class="diff-line-num new_line" data-linenumber="199" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

199

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC199" class="line" lang="c">    <span class="kt" style="color: #458; font-weight: 600;">uint8_t</span> <span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">=</span> <span class="mi" style="color: #099;">0</span><span class="p">,</span> <span class="n" style="color: #333;">num_cert_types</span> <span class="o" style="font-weight: 600;">=</span> <span class="mi" style="color: #099;">0</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="202" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

202

</td>

<td class="diff-line-num new_line" data-linenumber="200" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

200

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC200" class="line" lang="c">    <span class="n" style="color: #333;">priority_st</span><span class="o" style="font-weight: 600;">*</span> <span class="n" style="color: #333;">cert_priorities</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="203" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

203

</td>

<td class="diff-line-num new_line" data-linenumber="201" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

201

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC201" class="line" lang="c">    <span class="n" style="color: #333;">gnutls_datum_t</span> <span class="n" style="color: #333;">tmp_cert_types</span><span class="p">;</span> <span class="c1" style="color: #998; font-style: italic;">// For type conversion</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="204" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

204

</td>

<td class="diff-line-num new_line old" data-linenumber="202" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC204" class="line" lang="c">    <span class="kt" style="color: #458; font-weight: 600;">uint8_t</span> <span class="n" style="color: #333;">cert_types</span><span class="p">[</span><span class="n" style="color: #333;">GNUTLS_CRT_MAX</span><span class="p">];</span> <span class="c1" style="color: #998; font-style: italic;">// The list with supported cert types</span></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="202" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

202

</td>

<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC202" class="line" lang="c">    <span class="kt" style="color: #458; font-weight: 600;">uint8_t</span> <span class="n" style="color: #333;">cert_types</span><span class="p">[</span><span class="n" style="color: #333;">GNUTLS_CRT_MAX</span><span class="p">];</span> <span class="c1" style="color: #998; font-style: italic;">// The list with supported cert types<span class="idiff left right">. Inv: 0 <= cert type Id < 256</span></span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

205

</td>

<td class="diff-line-num new_line" data-linenumber="203" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

203

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC203" class="line" lang="c">    <span class="k" style="font-weight: 600;">const</span> <span class="n" style="color: #333;">version_entry_st</span><span class="o" style="font-weight: 600;">*</span> <span class="n" style="color: #333;">vers</span> <span class="o" style="font-weight: 600;">=</span> <span class="n" style="color: #333;">get_version</span><span class="p">(</span><span class="n" style="color: #333;">session</span><span class="p">);</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="206" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

206

</td>

<td class="diff-line-num new_line" data-linenumber="204" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

204

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC204" class="line" lang="c"></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="207" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

207

</td>

<td class="diff-line-num new_line old" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC207" class="line" lang="c">    <span class="cm" style="color: #998; font-style: italic;">/* Only activate this extension if cert type negotiation is enabled</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="208" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

208

</td>

<td class="diff-line-num new_line old" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC208" class="line" lang="c"><span class="cm" style="color: #998; font-style: italic;">         * and we have cert credentials set */</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="209" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

209

</td>

<td class="diff-line-num new_line old" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC209" class="line" lang="c">    <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="o" style="font-weight: 600;">!</span><span class="n" style="color: #333;">_gnutls_has_negotiate_ctypes</span><span class="p">(</span><span class="n" style="color: #333;">session</span><span class="p">)</span> <span class="o" style="font-weight: 600;">||</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="210" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

210

</td>

<td class="diff-line-num new_line old" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC210" class="line" lang="c">                    <span class="n" style="color: #333;">_gnutls_get_cred</span><span class="p">(</span><span class="n" style="color: #333;">session</span><span class="p">,</span> <span class="n" style="color: #333;">GNUTLS_CRD_CERTIFICATE</span><span class="p">)</span> <span class="o" style="font-weight: 600;">==</span> <span class="nb" style="color: #0086b3;">NULL</span><span class="p">)</span></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="205" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

205

</td>

<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC205" class="line" lang="c">    <span class="cm" style="color: #998; font-style: italic;">/* Only activate this extension if we have cert credentials set */</span></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="211" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="206" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

206

</td>

<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC206" class="line" lang="c">    <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">_gnutls_get_cred</span><span class="p">(</span><span class="n" style="color: #333;">session</span><span class="p">,</span> <span class="n" style="color: #333;">GNUTLS_CRD_CERTIFICATE</span><span class="p">)</span> <span class="o" style="font-weight: 600;">==</span> <span class="nb" style="color: #0086b3;">NULL</span><span class="p">)</span></span>

</pre>

</td>

</tr>

</table>

<div>

<p dir="auto">I was referring to a couple of discussions above this one ;-). The one where you first addressed this issue. I quote my reaction here:</p>

<blockquote dir="auto" style="color: #7f8fa4; border-left-width: 3px; border-left-color: #eaeaea; border-left-style: solid; margin: 0; padding: 0 0 0 15px;">

<p>We discussed this in the comments above (from your first review). we concluded that these extensions would always be enabled and that other cert types would need to be explicitly enabled via init flags. That means that in this case raw public keys are only enabled when you pass the <code>ENABLE_RAWPK</code> flag. These extensions will only negotiate enabled cert types. In case only the default is enabled then these extensions will not send anything. This is default behaviour according to the spec.

We also agreed on removed the old flag to enable these extensions explicitly because this is not needed anymore when we explicitly enable cert types via their own dedicated flags.</p>

</blockquote>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_119373137">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/c99fa4bf1db4348cd6b7d3382e0422d2/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/merge_requests/650#note_119373137"}}</script>

</p>

</div>

</body>

</html>