Re: GNU TLS 2.9.9 , sign/hash extension support

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU TLS 2.9.9 , sign/hash extension support

From:	Nikos Mavrogiannopoulos
Subject:	Re: GNU TLS 2.9.9 , sign/hash extension support
Date:	Mon, 08 Mar 2010 18:45:24 +0100
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

Manish Patidar wrote:
> Hi ,
> 
> I was going through the GNU TLS 2.9.9 source code that support TLS 1.2.
> I have following doubts in gnutls that support of TLS 1.2 rfc
> 
> 1. While selecting server cert and chain,  GNUTLS just compare server
> certificate with client requested sign/hash extension, not the whole chain.
> 
>     if it matched one of the server certificate , it will select the chain.
>     but according to TLS 1.2 , whole chain must matched with one of the
> sign/hash algo supported by client.
> 
>     Is my understanding is correct ..?

which part of TLS 1.2 are you referring to?

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

GNU TLS 2.9.9 , sign/hash extension support, Manish Patidar, 2010/03/08
- Re: GNU TLS 2.9.9 , sign/hash extension support, Nikos Mavrogiannopoulos <=

Prev by Date: GNU TLS 2.9.9 , sign/hash extension support
Next by Date: Safe renegotiation in SSL3 protocol not working
Previous by thread: GNU TLS 2.9.9 , sign/hash extension support
Next by thread: Safe renegotiation in SSL3 protocol not working
Index(es):
- Date
- Thread