[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Authentication during Handshake
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Authentication during Handshake |
Date: |
Fri, 30 May 2008 11:34:28 +0200 |
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
No, that is not implemented. By reading the documentation for this, I
think GnuTLS should provide a similar callback. Patches welcome. :)
/Simon
"Rainer Gerhards" <address@hidden> writes:
> Just double-checking:
>
> As far as I have seen openSSL's SSL_CTX_set_cert_verify_callback() is
> not implemented inside the compatibility layer? I am asking because of
>
> http://www.ietf.org/mail-archive/web/syslog/current/msg01963.html
>
> Thanks,
> Rainer
>
> On Wed, May 21, 2008 at 1:53 PM, Nikos Mavrogiannopoulos
> <address@hidden> wrote:
>> Rainer Gerhards wrote:
>>> Hi Nikos,
>>>
>>> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
>>> <address@hidden> wrote:
>>>> Simon Josefsson wrote:
>>>>
>>>>>> I still would see a lot of benefit in being able to check the remote
>>>>>> peers identity BEFORE the Finished message is sent. That way, I could
>>>>>> block access to not permitted peers at the risk of the DoS outlined
>>>>>> above. Am I still overlooking something?
>>>>> No, I think that is correct. Nikos, any thoughts? You added some
>>>>> callbacks during the handshake earlier, are any of those useful here?
>>>> No unfortunately not. The callbacks I added are called after client
>>>> hello is received. The callbacks you discuss need to be called after the
>>>> certificate message is received.
>>>
>>> Could you point me to the file where processing the certificate
>>> message is done? I would be interested to see if I could add a
>>> callback, and may it even just be to know how it is done ;)
>>
>> The file is gnutls_handshake.c. The functions you're interested in are
>> _gnutls_handshake_client, _gnutls_handshake_server (if you're doing it
>> for both of them).
>>
>> A similar callback is _gnutls_user_hello_func which is the post_hello
>> callback.
>>
>> I'd glad to review and commit and patches for this issue.
>>
>> regards,
>> Nikos
>>
- [Help-gnutls] Re: Authentication during Handshake, (continued)
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- Re: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/21
- Message not available
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/21
- Re: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/21
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake,
Simon Josefsson <=
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- Message not available
- Fwd: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/19
- Message not available
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20