[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Authentication during Handshake
From: |
Rainer Gerhards |
Subject: |
[Help-gnutls] Re: Authentication during Handshake |
Date: |
Fri, 30 May 2008 14:32:42 +0200 |
I am hearing the hint ;) I already pulled the git archive, let me see
if I can do anything. Looks like this becomes more important than I
originally thought...
Rainer
On Fri, May 30, 2008 at 11:34 AM, Simon Josefsson <address@hidden> wrote:
> No, that is not implemented. By reading the documentation for this, I
> think GnuTLS should provide a similar callback. Patches welcome. :)
>
> /Simon
>
> "Rainer Gerhards" <address@hidden> writes:
>
>> Just double-checking:
>>
>> As far as I have seen openSSL's SSL_CTX_set_cert_verify_callback() is
>> not implemented inside the compatibility layer? I am asking because of
>>
>> http://www.ietf.org/mail-archive/web/syslog/current/msg01963.html
>>
>> Thanks,
>> Rainer
>>
>> On Wed, May 21, 2008 at 1:53 PM, Nikos Mavrogiannopoulos
>> <address@hidden> wrote:
>>> Rainer Gerhards wrote:
>>>> Hi Nikos,
>>>>
>>>> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
>>>> <address@hidden> wrote:
>>>>> Simon Josefsson wrote:
>>>>>
>>>>>>> I still would see a lot of benefit in being able to check the remote
>>>>>>> peers identity BEFORE the Finished message is sent. That way, I could
>>>>>>> block access to not permitted peers at the risk of the DoS outlined
>>>>>>> above. Am I still overlooking something?
>>>>>> No, I think that is correct. Nikos, any thoughts? You added some
>>>>>> callbacks during the handshake earlier, are any of those useful here?
>>>>> No unfortunately not. The callbacks I added are called after client
>>>>> hello is received. The callbacks you discuss need to be called after the
>>>>> certificate message is received.
>>>>
>>>> Could you point me to the file where processing the certificate
>>>> message is done? I would be interested to see if I could add a
>>>> callback, and may it even just be to know how it is done ;)
>>>
>>> The file is gnutls_handshake.c. The functions you're interested in are
>>> _gnutls_handshake_client, _gnutls_handshake_server (if you're doing it
>>> for both of them).
>>>
>>> A similar callback is _gnutls_user_hello_func which is the post_hello
>>> callback.
>>>
>>> I'd glad to review and commit and patches for this issue.
>>>
>>> regards,
>>> Nikos
>>>
>
- [Help-gnutls] Re: Authentication during Handshake, (continued)
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/20
- Re: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/21
- Message not available
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/21
- Re: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/21
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake,
Rainer Gerhards <=
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Simon Josefsson, 2008/05/30
- [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/30
- Message not available
- Fwd: [Help-gnutls] Re: Authentication during Handshake, Nikos Mavrogiannopoulos, 2008/05/19
- Message not available
- Re: [Help-gnutls] Re: Authentication during Handshake, Rainer Gerhards, 2008/05/20