On 05/29/2012 10:37 PM, Michal Suchanek wrote: >> hsk->start_offset is always 0. >> hsk->end_offset is always (hsk->length - 1) [because this isn't DTLS]. >> >> So the check added in 67f4dba6 is going to always reject a fragmented >> handshake packet.
> Now what I do not get is how a pile of CA certificates is fragmenting > the packets. In the TLS protocol the server advertises its CA certificates so a client would know which certificate to present. If a server trusts all the certificates in the system, the server would advertise all of them (their DNs actually). regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
