No, that is not implemented. By reading the documentation for this, I think GnuTLS should provide a similar callback. Patches welcome. :)
/Simon "Rainer Gerhards" <[EMAIL PROTECTED]> writes: > Just double-checking: > > As far as I have seen openSSL's SSL_CTX_set_cert_verify_callback() is > not implemented inside the compatibility layer? I am asking because of > > http://www.ietf.org/mail-archive/web/syslog/current/msg01963.html > > Thanks, > Rainer > > On Wed, May 21, 2008 at 1:53 PM, Nikos Mavrogiannopoulos > <[EMAIL PROTECTED]> wrote: >> Rainer Gerhards wrote: >>> Hi Nikos, >>> >>> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos >>> <[EMAIL PROTECTED]> wrote: >>>> Simon Josefsson wrote: >>>> >>>>>> I still would see a lot of benefit in being able to check the remote >>>>>> peers identity BEFORE the Finished message is sent. That way, I could >>>>>> block access to not permitted peers at the risk of the DoS outlined >>>>>> above. Am I still overlooking something? >>>>> No, I think that is correct. Nikos, any thoughts? You added some >>>>> callbacks during the handshake earlier, are any of those useful here? >>>> No unfortunately not. The callbacks I added are called after client >>>> hello is received. The callbacks you discuss need to be called after the >>>> certificate message is received. >>> >>> Could you point me to the file where processing the certificate >>> message is done? I would be interested to see if I could add a >>> callback, and may it even just be to know how it is done ;) >> >> The file is gnutls_handshake.c. The functions you're interested in are >> _gnutls_handshake_client, _gnutls_handshake_server (if you're doing it >> for both of them). >> >> A similar callback is _gnutls_user_hello_func which is the post_hello >> callback. >> >> I'd glad to review and commit and patches for this issue. >> >> regards, >> Nikos >> _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
