Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11
From: Nikos Mavrogiannopoulos
Subject: Re: Big CA certificate bundle causes problems with GnuTLS 3.0.11
Date: Tue, 29 May 2012 22:48:50 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120510 Icedove/10.0.4
On 05/29/2012 10:37 PM, Michal Suchanek wrote:
>> hsk->start_offset is always 0.
>> hsk->end_offset is always (hsk->length - 1) [because this isn't DTLS].
>>
>> So the check added in 67f4dba6 is going to always reject a fragmented
>> handshake packet.
> Now what I do not get is how a pile of CA certificates is fragmenting
> the packets.
In the TLS protocol the server advertises its CA certificates so a
client would know which certificate to present. If a server trusts all
the certificates in the system, the server would advertise all of them
(their DNs actually).
regards,
Nikos
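
The effect described in this message, as an added example that is not part of the original post and is not GnuTLS code: it serializes a TLS 1.2 CertificateRequest carrying a list of CA DNs and counts how many 16384-byte TLS records the handshake message spans. The function names `build_cert_request` and `records_needed`, the 100-byte filler DNs and the CA counts are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RECORD  16384  /* TLS plaintext fragment limit, 2^14 bytes */
#define MAX_CA_LIST 65535  /* certificate_authorities<0..2^16-1> */

/* Serialize a TLS 1.2 CertificateRequest handshake message advertising n_dn
 * distinguished names of dn_len bytes each (constructed filler, not real DER).
 * Returns the total message length, or 0 if the list cannot be encoded. */
size_t build_cert_request(uint8_t *out, size_t cap, size_t n_dn, size_t dn_len)
{
    if (n_dn > MAX_CA_LIST || dn_len > MAX_CA_LIST) return 0;
    size_t ca_len = n_dn * (2 + dn_len);       /* each DN has a 2-byte length */
    size_t body = 1 + 1 + 2 + 2 + 2 + ca_len;  /* cert types, sig algs, CA list */
    if (ca_len > MAX_CA_LIST || 4 + body > cap) return 0;
    uint8_t *p = out;
    *p++ = 13;                                 /* HandshakeType certificate_request */
    *p++ = (uint8_t)(body >> 16); *p++ = (uint8_t)(body >> 8); *p++ = (uint8_t)body;
    *p++ = 1; *p++ = 1;                        /* certificate_types: rsa_sign */
    *p++ = 0; *p++ = 2; *p++ = 4; *p++ = 1;    /* sig algs: sha256 + rsa */
    *p++ = (uint8_t)(ca_len >> 8); *p++ = (uint8_t)ca_len;
    for (size_t i = 0; i < n_dn; i++) {
        *p++ = (uint8_t)(dn_len >> 8); *p++ = (uint8_t)dn_len;
        memset(p, 0x30, dn_len);               /* placeholder DN bytes */
        p += dn_len;
    }
    return (size_t)(p - out);
}

/* Number of TLS records needed to carry a handshake message of msg_len bytes. */
size_t records_needed(size_t msg_len)
{
    return (msg_len + MAX_RECORD - 1) / MAX_RECORD;
}

int main(void)
{
    static uint8_t buf[70000];
    size_t counts[] = { 5, 150, 400 };         /* constructed CA bundle sizes */
    for (size_t i = 0; i < 3; i++) {
        size_t len = build_cert_request(buf, sizeof buf, counts[i], 100);
        printf("%zu CAs -> %zu bytes, %zu record(s)\n",
               counts[i], len, records_needed(len));
    }
    return 0;
}
```

With these constructed sizes, a few CAs fit in one record while a 400-entry bundle makes the single handshake message span several records, which is the fragmented case the quoted check rejects.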