Hi Simon, I tried to use TLS 1.2 with and without sign callback, and I still see a signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't it be max 35 then? Maybe we should check, whether I check the right variables:
In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure called dconcat. dconcat.size holds the hash size, right? And dconcat.data should hold the hash itself? dconcat.size has a value of 36 for me... If I use the sign callback, I print the value of hash->size (=36) and hash->data (cannot see the OID included in that value, so for me it looks like it is really not SHA-1 only). Maybe I check the wrong values?

BTW: I used the latest Snapshot, 2.9.8 to test it.

Sorry... :-/
Carolin

Simon Josefsson wrote:
> Carolin Latze <[email protected]> writes:
>
>> Hi all,
>>
>> according to RFC 5246, TLS 1.2 should use a standard signature, but if
>> I enable TLS 1.2 in GnuTLS and print out the hash size it says
>> 36... that does not sound like a standard signature.. I would expect
>> something like 20 for SHA1. Am I wrong?
>
> Hi! With GnuTLS 2.9.7 I hope this should work better -- could you take
> a look? It should have more solid TLS 1.2 support.
>
> Thanks,
> Simon

-- 
Carolin Latze
PhD Student                      ICT Engineer
Department of Computer Science   Swisscom Strategy and Innovation
Boulevard de Pérolles 90         Ostermundigenstrasse 93
CH-1700 Fribourg                 CH-3006 Bern
phone: +41 26 300 83 30          +41 79 72 965 27
homepage: http://diuf.unifr.ch/people/latzec
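The three sizes mentioned in this thread (20, 35 and 36 bytes), as an added example that is not part of the original message and is not GnuTLS code: it builds the RSA signing input of TLS 1.0/1.1 (MD5 and SHA-1 digests concatenated, no OID) and of TLS 1.2 with SHA-1 (one digest inside a DER DigestInfo), then classifies a buffer such as the one a sign callback receives. The function names and the sample transcript are hypothetical; a matching length is a hint about the format, not proof of what the library did.

```python
import hashlib

# DER prefix of the PKCS#1 v1.5 DigestInfo for SHA-1 (15 bytes, RFC 8017).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def legacy_rsa_input(transcript: bytes) -> bytes:
    """TLS 1.0/1.1 RSA signing input: MD5(transcript) || SHA-1(transcript)."""
    return hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()


def tls12_sha1_rsa_input(transcript: bytes) -> bytes:
    """TLS 1.2 RSA signing input with SHA-1: DigestInfo around one digest."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(transcript).digest()


def classify(buf: bytes) -> str:
    """Guess the format of a to-be-signed buffer from length and prefix."""
    if len(buf) == 35 and buf.startswith(SHA1_DIGESTINFO_PREFIX):
        return "sha1-digestinfo"      # TLS 1.2 style, OID visible at the front
    if len(buf) == 36:
        return "md5+sha1"             # TLS 1.0/1.1 style, no OID anywhere
    if len(buf) == 20:
        return "raw-sha1"
    if len(buf) == 16:
        return "raw-md5"
    return "unknown"


def report(transcript: bytes) -> dict:
    """Return size and classification for both signing-input formats."""
    out = {}
    for name, buf in (("tls1.0/1.1", legacy_rsa_input(transcript)),
                      ("tls1.2-sha1", tls12_sha1_rsa_input(transcript))):
        out[name] = (len(buf), classify(buf))
    return out


if __name__ == "__main__":
    sample = b"constructed handshake transcript"   # constructed sample input
    for name, (size, kind) in report(sample).items():
        print(f"{name:12s} size={size:2d} -> {kind}")
```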
