I am hearing the hint ;) I already pulled the git archive, let me see if I can do anything. Looks like this becomes more important than I originally thought...
Rainer

On Fri, May 30, 2008 at 11:34 AM, Simon Josefsson <[EMAIL PROTECTED]> wrote:
> No, that is not implemented. By reading the documentation for this, I
> think GnuTLS should provide a similar callback. Patches welcome. :)
>
> /Simon
>
> "Rainer Gerhards" <[EMAIL PROTECTED]> writes:
>
>> Just double-checking:
>>
>> As far as I have seen OpenSSL's SSL_CTX_set_cert_verify_callback() is
>> not implemented inside the compatibility layer? I am asking because of
>>
>> http://www.ietf.org/mail-archive/web/syslog/current/msg01963.html
>>
>> Thanks,
>> Rainer
>>
>> On Wed, May 21, 2008 at 1:53 PM, Nikos Mavrogiannopoulos
>> <[EMAIL PROTECTED]> wrote:
>>> Rainer Gerhards wrote:
>>>> Hi Nikos,
>>>>
>>>> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
>>>> <[EMAIL PROTECTED]> wrote:
>>>>> Simon Josefsson wrote:
>>>>>
>>>>>>> I still would see a lot of benefit in being able to check the remote
>>>>>>> peer's identity BEFORE the Finished message is sent. That way, I could
>>>>>>> block access to not permitted peers at the risk of the DoS outlined
>>>>>>> above. Am I still overlooking something?
>>>>>> No, I think that is correct. Nikos, any thoughts? You added some
>>>>>> callbacks during the handshake earlier, are any of those useful here?
>>>>> No, unfortunately not. The callbacks I added are called after client
>>>>> hello is received. The callbacks you discuss need to be called after the
>>>>> certificate message is received.
>>>>
>>>> Could you point me to the file where processing the certificate
>>>> message is done? I would be interested to see if I could add a
>>>> callback, and may it even just be to know how it is done ;)
>>>
>>> The file is gnutls_handshake.c. The functions you're interested in are
>>> _gnutls_handshake_client, _gnutls_handshake_server (if you're doing it
>>> for both of them).
>>>
>>> A similar callback is _gnutls_user_hello_func which is the post_hello
>>> callback.
>>>
>>> I'd be glad to review and commit any patches for this issue.
>>>
>>> regards,
>>> Nikos
