[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU TLS 2.9.9 , sign/hash extension support
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: GNU TLS 2.9.9 , sign/hash extension support |
Date: |
Mon, 08 Mar 2010 18:45:24 +0100 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Manish Patidar wrote:
> Hi ,
>
> I was going through the GNU TLS 2.9.9 source code that support TLS 1.2.
> I have following doubts in gnutls that support of TLS 1.2 rfc
>
> 1. While selecting server cert and chain, GNUTLS just compare server
> certificate with client requested sign/hash extension, not the whole chain.
>
> if it matched one of the server certificate , it will select the chain.
> but according to TLS 1.2 , whole chain must matched with one of the
> sign/hash algo supported by client.
>
> Is my understanding is correct ..?
which part of TLS 1.2 are you referring to?
regards,
Nikos