Re: Another renegotiation patch
From: Tomas Hoger
Subject: Re: Another renegotiation patch
Date: Wed, 24 Feb 2010 17:06:48 +0100
On Thu, 18 Feb 2010 15:04:55 +0100 Tomas Hoger <address@hidden> wrote:
> Looks like the current behavior is intentional:
>
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2a10542bf8f7cfbd5e6a4b17c8d502133da93fc5
Can you have a look at the attached diff? It moves the GNUTLS_CLIENT test,
so that the "Allowing/Denying unsafe initial negotiation" message is
logged instead of "Allowing/Denying unsafe renegotiation" on initial
client connection.
It also adds a HANDSHAKE_FAILURE alert for unsafe initial negotiation
(client), which is required by RFC 5746, 4.1. Though I'm wondering if
this is the right place to generate this alert. If gnutls-serv refuses
initial connection from the unpatched client, HANDSHAKE_FAILURE alert
is generated, but it's from application rather than library. Should
those alerts be generated by applications or library?
I'd also consider removing %INITIAL_SAFE_RENEGOTIATION from
gnutls-cli.1 (always enforced) and mention client/server defaults in
gnutls_priority_init.3. Should I try submitting a changes proposal?
th.
Attachment: gnutls-hsfail-alert.diff (Text Data)
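The message above is about where GnuTLS should log "unsafe initial negotiation" versus "unsafe renegotiation" and when a HANDSHAKE_FAILURE alert is due. The following is an added example, not GnuTLS code and not the attached diff: it models the RFC 5746 checks that both sides perform on the renegotiation_info extension and the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signalling cipher suite, and returns the log message plus the fatal alert a library would emit when it refuses. The policy flags `require_safe_initial` (the behaviour the message ties to %INITIAL_SAFE_RENEGOTIATION) and `allow_unsafe_renegotiation` are assumptions chosen for this model; the extension type, SCSV value, alert number and verify_data rules come from RFC 5746.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constants from RFC 5746.
RENEGOTIATION_INFO_EXT = 0xFF01             # extension type "renegotiation_info"
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF  # signalling cipher suite value
HANDSHAKE_FAILURE = 40                      # AlertDescription handshake_failure


@dataclass
class Decision:
    allow: bool
    log: str                     # message a library or application would log
    alert: Optional[int] = None  # fatal alert to send when denying


def parse_renegotiation_info(ext_body: bytes) -> bytes:
    """Extension body is `opaque renegotiated_connection<0..255>` (1-byte length prefix)."""
    if not ext_body or len(ext_body) != 1 + ext_body[0]:
        raise ValueError("malformed renegotiation_info extension")
    return ext_body[1:]


def signalled_by_hello(cipher_suites: List[int],
                       extensions: Dict[int, bytes]) -> Tuple[bool, Optional[bytes], bool]:
    """Return (signalled, renegotiated_connection, scsv_present) for a ClientHello."""
    scsv = TLS_EMPTY_RENEGOTIATION_INFO_SCSV in cipher_suites
    if RENEGOTIATION_INFO_EXT in extensions:
        return True, parse_renegotiation_info(extensions[RENEGOTIATION_INFO_EXT]), scsv
    return scsv, (b"" if scsv else None), scsv


def server_evaluate_client_hello(initial: bool, cipher_suites: List[int],
                                 extensions: Dict[int, bytes],
                                 client_verify_data: bytes = b"",
                                 require_safe_initial: bool = False,
                                 allow_unsafe_renegotiation: bool = False) -> Decision:
    """Server-side RFC 5746 checks; policy flags are assumptions of this model."""
    signalled, rc, scsv = signalled_by_hello(cipher_suites, extensions)
    if initial:
        if not signalled:
            if require_safe_initial:
                return Decision(False, "Denying unsafe initial negotiation", HANDSHAKE_FAILURE)
            return Decision(True, "Allowing unsafe initial negotiation")
        if rc != b"":
            # Non-empty renegotiated_connection on an initial handshake is a protocol error.
            return Decision(False, "Denying initial negotiation: non-empty renegotiated_connection",
                            HANDSHAKE_FAILURE)
        return Decision(True, "Safe initial negotiation")
    # Renegotiation: the SCSV may only appear in an initial ClientHello.
    if scsv:
        return Decision(False, "Denying renegotiation: SCSV sent during renegotiation", HANDSHAKE_FAILURE)
    if not signalled:
        if allow_unsafe_renegotiation:
            return Decision(True, "Allowing unsafe renegotiation")
        return Decision(False, "Denying unsafe renegotiation", HANDSHAKE_FAILURE)
    # Client must echo the client_verify_data of the previous handshake.
    if rc != client_verify_data:
        return Decision(False, "Denying renegotiation: renegotiated_connection mismatch", HANDSHAKE_FAILURE)
    return Decision(True, "Safe renegotiation")


def client_evaluate_server_hello(initial: bool, extensions: Dict[int, bytes],
                                 client_verify_data: bytes = b"",
                                 server_verify_data: bytes = b"",
                                 require_safe_initial: bool = True) -> Decision:
    """Client-side RFC 5746 checks on the ServerHello extensions."""
    if RENEGOTIATION_INFO_EXT not in extensions:
        if initial:
            if require_safe_initial:
                # The case the patch in this thread adds an alert for.
                return Decision(False, "Denying unsafe initial negotiation", HANDSHAKE_FAILURE)
            return Decision(True, "Allowing unsafe initial negotiation")
        # A client that signalled support must never renegotiate without the extension.
        return Decision(False, "Denying unsafe renegotiation", HANDSHAKE_FAILURE)
    rc = parse_renegotiation_info(extensions[RENEGOTIATION_INFO_EXT])
    # Server echoes client_verify_data || server_verify_data of the previous handshake.
    expected = b"" if initial else client_verify_data + server_verify_data
    if rc != expected:
        return Decision(False, "Denying negotiation: renegotiated_connection mismatch", HANDSHAKE_FAILURE)
    return Decision(True, "Safe initial negotiation" if initial else "Safe renegotiation")


if __name__ == "__main__":
    # Constructed sample: a legacy client with neither SCSV nor extension on an initial handshake.
    print(server_evaluate_client_hello(True, [0x002F], {}, require_safe_initial=True))
```

The two verify_data rules are the whole point of the extension: an attacker splicing a victim's handshake onto a connection it set up cannot produce the client_verify_data of a handshake it was not part of, so a mismatch or a missing extension is refused with handshake_failure rather than treated as a plain renegotiation.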