[Help-gnutls] Re: Authentication during Handshake
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed May 21 13:53:13 CEST 2008
Rainer Gerhards wrote:
> Hi Nikos,
>
> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos at gmail.com> wrote:
>> Simon Josefsson wrote:
>>
>>>> I still would see a lot of benefit in being able to check the remote
>>>> peers identity BEFORE the Finished message is sent. That way, I could
>>>> block access to not permitted peers at the risk of the DoS outlined
>>>> above. Am I still overlooking something?
>>> No, I think that is correct. Nikos, any thoughts? You added some
>>> callbacks during the handshake earlier, are any of those useful here?
>> No unfortunately not. The callbacks I added are called after client
>> hello is received. The callbacks you discuss need to be called after the
>> certificate message is received.
>
> Could you point me to the file where processing the certificate
> message is done? I would be interested to see if I could add a
> callback, and may it even just be to know how it is done ;)
The file is gnutls_handshake.c. The functions you're interested in are
_gnutls_handshake_client, _gnutls_handshake_server (if you're doing it
for both of them).
A similar callback is _gnutls_user_hello_func which is the post_hello
callback.
I'd glad to review and commit and patches for this issue.
regards,
Nikos
More information about the Gnutls-help
mailing list