<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/dilyanpalauzov">Dilyan Palauzov</a> created an issue:
</p>
<div></div>
<p dir="auto">When a server offers several certificates, openssl s_client can request from the server RSA certificate using "-sigalgs 'RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1'" and EC certificate using "-sigalgs 'ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512'".  This works for both TLS 1.2 and TLS 1.3. In gnutls-cli 3.6.5 I do not see such fuction.  Neither I see in the output of <code>gnutls-cli -l</code> anything with PSS.</p>
<ul dir="auto">
<li>Enhance gnutls-cli to be able to retrieve from the server the RSA or the EC certificatate, as the further checks, DANE, OCSP are performed towards the returned certificate and one wants to validate all certificates</li>
</ul>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/855">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/bbe6bd51d3bb25238006a824ee2c6520/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/855"}}</script>


</p>
</div>
</body>
</html>