author | Daiki Ueno <ueno@gnu.org> | 2022-09-19 21:52:35 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2022-09-19 21:52:35 +0000 |
commit | cde0061c33d56258281a4d6033eba1d85e75e32d (patch) | |
tree | 8ce3e244d3287750e239009c428523c7f291796b /lib | |
parent | 84546da2c30d84a7aaeaf82af1f6d0b101b54d81 (diff) | |
parent | ba1f062bf0a5620ec45b70396e845a9d704a624e (diff) | |
Merge branch 'wip/dueno/cert-compression-followup' into 'master'
compress-cert: support compression of client certificates
Closes #1397
See merge request gnutls/gnutls!1641
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ext/compress_certificate.c | 6 | ||||
-rw-r--r-- | lib/ext/compress_certificate.h | 8 | ||||
-rw-r--r-- | lib/tls13/certificate_request.c | 15 |
3 files changed, 26 insertions, 3 deletions
diff --git a/lib/ext/compress_certificate.c b/lib/ext/compress_certificate.c
index 8144368faa..8f8d75c9ad 100644
--- a/lib/ext/compress_certificate.c
+++ b/lib/ext/compress_certificate.c
@@ -161,7 +161,7 @@ gnutls_compress_certificate_set_methods(gnutls_session_t session,
 return 0;
 }
-static int
+int
 _gnutls_compress_certificate_recv_params(gnutls_session_t session,
 const uint8_t * data,
 size_t data_size)
@@ -209,7 +209,7 @@ endloop:
 return 0;
 }
-static int
+int
 _gnutls_compress_certificate_send_params(gnutls_session_t session,
 gnutls_buffer_st * data)
 {
@@ -245,7 +245,7 @@ const hello_ext_entry_st ext_mod_compress_certificate = {
 .client_parse_point = GNUTLS_EXT_TLS,
 .server_parse_point = GNUTLS_EXT_TLS,
 .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
- GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO,
+ GNUTLS_EXT_FLAG_CLIENT_HELLO,
 .recv_func = _gnutls_compress_certificate_recv_params,
 .send_func = _gnutls_compress_certificate_send_params,
 .deinit_func = _gnutls_hello_ext_default_deinit
diff --git a/lib/ext/compress_certificate.h b/lib/ext/compress_certificate.h
index 88199da187..b7083742ef 100644
--- a/lib/ext/compress_certificate.h
+++ b/lib/ext/compress_certificate.h
@@ -38,4 +38,12 @@ extern const hello_ext_entry_st ext_mod_compress_certificate;
 gnutls_compression_method_t _gnutls_compress_certificate_num2method(uint16_t num);
 int _gnutls_compress_certificate_method2num(gnutls_compression_method_t method);
+int
+_gnutls_compress_certificate_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+int
+_gnutls_compress_certificate_send_params(gnutls_session_t session,
+ gnutls_buffer_st * data);
+
 #endif /* GNUTLS_LIB_EXT_COMPRESS_CERTIFICATE_H */
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 37e7b41049..b613cab13f 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
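Review bot: In lib/ext/compress_certificate.c, the `.validity` mask of `ext_mod_compress_certificate` no longer lists `GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO`, but nothing at the table entry records where the server's half of the extension now travels. A comment above `.validity` such as `/* sent by the server in CertificateRequest (tls13/certificate_request.c), never in ServerHello */` would keep a later edit from restoring the flag. How the extension framework treats a ServerHello that still carries this extension is not visible in this hunk, so a handshake test asserting that such a message is rejected would pin the new behaviour.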
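Review bot: The two prototypes added to lib/ext/compress_certificate.h carry no comment, although dropping `static` in compress_certificate.c turns them into an internal interface that tls13/certificate_request.c now calls with peer-supplied bytes. I would add above them `/* Also used for the TLS 1.3 CertificateRequest extension block; recv_params parses untrusted peer data and returns a negative error code on failure. */`. Whether these `_gnutls_`-prefixed symbols stay out of the shared library's exported set depends on the symbol map, which is not part of this diff.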
@@ -25,6 +25,7 @@
 #include "extv.h"
 #include "handshake.h"
 #include "tls13/certificate_request.h"
+#include "ext/compress_certificate.h"
 #include "ext/signature.h"
 #include "ext/status_request.h"
 #include "mbuffers.h"
@@ -128,6 +129,13 @@ int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data, unsig
 ctx->rdn = data+2;
 ctx->rdn_size = v;
+ } else if (tls_id == ext_mod_compress_certificate.tls_id) {
+ ret = _gnutls_compress_certificate_recv_params(session,
+ data,
+ data_size);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
 }
 return 0;
@@ -357,6 +365,13 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
 session->internals.hsk_flags |= HSK_CLIENT_OCSP_REQUESTED;
 #endif
+ ret = _gnutls_extv_append(&buf, ext_mod_compress_certificate.tls_id, session,
+ (extv_append_func)_gnutls_compress_certificate_send_params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
 ret = _gnutls_extv_append_final(&buf, init_pos, 0);
 if (ret < 0) {
 gnutls_assert(); |
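Review bot: The new `else if` branch in `parse_cert_extension` passes the peer's `data`/`data_size` to `_gnutls_compress_certificate_recv_params` with no guard against the extension appearing more than once in a CertificateRequest. If the other branches of this function record a seen-flag in `ctx` (they lie outside the hunk), this branch should do the same; otherwise a repeated extension presumably re-runs the parser and the later list replaces the earlier one. All length and content validation is delegated to recv_params, whose body is not shown here, so tests that feed an empty, an odd-length and an over-long methods list through CertificateRequest would confirm the shared parser rejects them on this path too. A one-line comment on the branch, `/* untrusted: methods list from the peer's CertificateRequest */`, would mark the trust boundary.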
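Review bot: The cast `(extv_append_func)_gnutls_compress_certificate_send_params` in `_gnutls13_send_certificate_request` calls a function declared as `int (gnutls_session_t, gnutls_buffer_st *)` through a different pointer type. If `extv_append_func` takes a `void *` context as its first parameter (the typedef is not visible in this diff), that is a call through an incompatible function type, which is undefined behaviour in C and is rejected by indirect-call CFI such as `-fsanitize=cfi-icall`. A small static adapter with the exact `extv_append_func` signature that forwards to send_params would remove the cast; if neighbouring appends in this function use the same cast, the point applies to them as well. The function starts and ends outside the hunk.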