Rainer Gerhards wrote:
> Hi Nikos,
>
> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
> <[EMAIL PROTECTED]> wrote:
>> Simon Josefsson wrote:
>>
>>>> I still would see a lot of benefit in being able to check the remote
>>>> peer's identity BEFORE the Finished message is sent. That way, I could
>>>> block access to not permitted peers at the risk of the DoS outlined
>>>> above. Am I still overlooking something?
>>> No, I think that is correct. Nikos, any thoughts? You added some
>>> callbacks during the handshake earlier, are any of those useful here?
>> No, unfortunately not. The callbacks I added are called after client
>> hello is received. The callbacks you discuss need to be called after the
>> certificate message is received.
>
> Could you point me to the file where processing the certificate
> message is done? I would be interested to see if I could add a
> callback, and may it even just be to know how it is done ;)

The file is gnutls_handshake.c. The functions you're interested in are
_gnutls_handshake_client, _gnutls_handshake_server (if you're doing it for
both of them). A similar callback is _gnutls_user_hello_func, which is the
post_hello callback. I'd be glad to review and commit any patches for this
issue.

regards,
Nikos
