21 May 13:53
Re: Re: Authentication during Handshake
From: Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
Subject: Re: Re: Authentication during Handshake
Newsgroups: gmane.network.gnutls.general
Date: 2008-05-21 11:53:13 GMT
Rainer Gerhards wrote:
> Hi Nikos,
>
> On Wed, May 21, 2008 at 1:08 PM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos <at> gmail.com> wrote:
>> Simon Josefsson wrote:
>>
>>>> I still would see a lot of benefit in being able to check the remote
>>>> peer's identity BEFORE the Finished message is sent. That way, I could
>>>> block access to not permitted peers at the risk of the DoS outlined
>>>> above. Am I still overlooking something?
>>> No, I think that is correct. Nikos, any thoughts? You added some
>>> callbacks during the handshake earlier, are any of those useful here?
>> No unfortunately not. The callbacks I added are called after client
>> hello is received. The callbacks you discuss need to be called after the
>> certificate message is received.
>
> Could you point me to the file where processing the certificate
> message is done? I would be interested to see if I could add a
> callback, and may it even just be to know how it is done ;)

The file is gnutls_handshake.c. The functions you're interested in are
_gnutls_handshake_client, _gnutls_handshake_server (if you're doing it
for both of them). A similar callback is _gnutls_user_hello_func which
is the post_hello callback.

I'd be glad to review and commit any patches for this issue.

regards,
Nikos