
TLS channel binding updates

Michael Catanzaro requested to merge mcatanzaro/channel-bindings-take-two into master

The tls-unique channel binding type is not supported under TLS 1.3. Since GnuTLS 3.7.2, this now fails differently than before. Previously, the call to g_tls_connection_get_channel_binding_data() would succeed but return no data. That was a bug. Now it fails, as expected.

Since our tests are not supposed to have different behavior depending on TLS backend or TLS version, let's just rewrite this test to allow tls-unique to fail.

Fixes #164 (closed)

Also: gnutls: use new GnuTLS channel binding implementations when possible

Ruslan has landed support for the server endpoint and exporter channel binding types in GnuTLS, so let's depend on that if available. We can retain his original implementations as fallback until GnuTLS 3.7 is stable.

Edited by Michael Catanzaro
