<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p style="color: #777777;">

<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a>

<a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1427#note_602107176">commented</a>:

</p>

<div style="">

<p dir="auto">Not a complete review by any means, more like field notes.

I got to play with it, and with a rebase on top of <a href="https://gitlab.com/gnutls/gnutls/-/commit/4af2969d5015ce15437fd9d604337fc9529d7c8c" data-original="4af2969d50" data-link="false" data-link-reference="false" data-project="179611" data-commit="4af2969d5015ce15437fd9d604337fc9529d7c8c" data-reference-type="commit" data-container="body" data-placement="top" title="priority: reflect system wide config when constructing sigalgs" class="gfm gfm-commit has-tooltip">4af2969d</a>,</p>

<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">+++ a/lib/algorithms/ecc.c</span>

<span id="LC2" class="line" lang="plaintext">+++ b/lib/algorithms/ecc.c</span>

<span id="LC3" class="line" lang="plaintext">@@ -295,7 +295,7 @@ const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)</span>

<span id="LC4" class="line" lang="plaintext"> unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t curve)</span>

<span id="LC5" class="line" lang="plaintext"> {</span>

<span id="LC6" class="line" lang="plaintext">        GNUTLS_ECC_CURVE_LOOP(</span>

<span id="LC7" class="line" lang="plaintext">-               if (p->id == curve && p->supported && _gnutls_pk_curve_exists(p->id))</span>

<span id="LC8" class="line" lang="plaintext">+               if (p->id == curve && (p->supported || p->supported_revertible) && _gnutls_pk_curve_exists(p->id))</span>

<span id="LC9" class="line" lang="plaintext">                        return 1;</span>

<span id="LC10" class="line" lang="plaintext">        );</span>

<span id="LC11" class="line" lang="plaintext">        return 0;</span>

<span id="LC12" class="line" lang="plaintext"></span></code></pre>

<p dir="auto">and <code>prio</code> containing</p>

<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">[global]</span>

<span id="LC2" class="line" lang="plaintext">override-mode = allowlist</span>

<span id="LC3" class="line" lang="plaintext"></span>

<span id="LC4" class="line" lang="plaintext">[overrides]</span>

<span id="LC5" class="line" lang="plaintext">secure-hash = SHA256</span>

<span id="LC6" class="line" lang="plaintext">tls-enabled-mac = AEAD</span>

<span id="LC7" class="line" lang="plaintext">secure-sig = RSA-SHA256</span>

<span id="LC8" class="line" lang="plaintext">secure-sig-for-cert = RSA-SHA256</span>

<span id="LC9" class="line" lang="plaintext">tls-enabled-cipher = AES-256-GCM</span>

<span id="LC10" class="line" lang="plaintext">tls-enabled-kx = RSA</span>

<span id="LC11" class="line" lang="plaintext">enabled-version = TLS1.2</span>

<span id="LC12" class="line" lang="plaintext">min-verification-profile = medium</span>

<span id="LC13" class="line" lang="plaintext"></span>

<span id="LC14" class="line" lang="plaintext"></span>

<span id="LC15" class="line" lang="plaintext">[priorities]</span>

<span id="LC16" class="line" lang="plaintext">SYSTEM=NONE</span></code></pre>

<p dir="auto">I was able to <code>GNUTLS_SYSTEM_PRIORITY_FILE=prio ./src/gnutls-cli -d999 google.com --priority @SYSTEM</code>.</p>

<p dir="auto">Not sure why <code>secure-sig-for-cert</code> and <code>--priority @SYSTEM</code> were needed.</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1427#note_602107176">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/-/sent_notifications/7b8f199f60797e89c0f85a5db51ac01f/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1427#note_602107176"}}</script>

</p>

</div>

</body>

</html>