safe renegotiation in client side

Simon Josefsson simon at josefsson.org
Tue Mar 16 15:55:16 CET 2010


Could we syslog() a message with the address of the server that is buggy
when a client invokes gnutls_handshake()?

We need to extract the server IP address from a socket, though, and will
need to be very careful about handling return values from every syscall.
(It may not even be a socket, GnuTLS doesn't require that, but then it
could just say that the server is buggy with no address..)

Even if we don't have the syslog operation in upstream GnuTLS, we could
recommend a patch so that RedHat/Debian/Ubuntu/etc can apply it in their
builds.  This may lead to people upgrading their important servers more
quickly.

/Simon




