GnuTLS: Move peer certificate validation into callback function
author Jouni Malinen <j@w1.fi>
Sun, 11 Jan 2015 10:43:17 +0000 (12:43 +0200)
committer Jouni Malinen <j@w1.fi>
Sun, 11 Jan 2015 22:19:20 +0000 (00:19 +0200)
commit 65ec7f4c12b3b9935dc4d788564dcb9c3a815406
tree ba85ad6ff499448c8e4f9730c8aea34968a6bb63
parent 7c8245798fee6bb73b2438b46af187382a347012
GnuTLS: Move peer certificate validation into callback function

GnuTLS 2.10.0 added gnutls_certificate_set_verify_function() that can be
used to move peer certificate validation to an earlier point in the
handshake. Use that to get similar validation behavior to what was done
with OpenSSL, i.e., reject the handshake immediately after receiving the
peer certificate rather than at the completion of handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_gnutls.c