On Tue, 2015-04-14 at 15:07 +0300, Nikos Mavrogiannopoulos wrote:
> Indeed. Re-authentication cannot happen transparently in an application,
> i.e., suddenly the server or client change identity and no-one is
> notified. The fact that gnutls insists on explicit re-authentication by
> the application protected applications from attacks like the triple
> handshake attack and the other re-handshake-based attacks on TLS.

... which is why I need to think hard about the fact that my patch
automatically just *does* the renegotiation whenever it's asked to. And
check it'll do the right thing if the server identity changes, etc.

Currently if we are suddenly offered a different cert we might just accept
it (if it's valid), or maybe even trigger a certificate validation callback
if it's not. We should probably make it accept *only* the *same* certificate
as before.

And might also want to limit the circumstances in which it tolerates
renegotiation at all: only when talking to a Network Connect server, and
only at certain points in the connection.

Not this week though.

-- 
dwmw2
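The policy sketched in the message above (accept only the same certificate on renegotiation, and only tolerate renegotiation for a Network Connect server at certain points in the connection) as an added, stand-alone example. This is illustrative code written for this page, not OpenConnect's own code or GnuTLS's API; the type and function names (ServerType, ConnState, Connection.pin_initial_certificate, Connection.check_renegotiation, RENEG_ALLOWED_STATES) are hypothetical, and the DER blobs are constructed placeholders rather than real certificates. In a real client the DER bytes would come from the TLS library's peer-certificate accessor after each handshake.

```python
"""Pin the peer certificate at the first handshake and gate later
renegotiations on (a) server type, (b) connection state and (c) an
unchanged certificate, so a peer cannot silently change identity.

All names here are hypothetical; this is not OpenConnect code.
"""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class ServerType(Enum):
    NETWORK_CONNECT = auto()  # the only server type allowed to renegotiate
    OTHER = auto()


class ConnState(Enum):
    INITIAL_HANDSHAKE = auto()   # first TLS handshake in progress
    AUTHENTICATING = auto()      # login exchanges over the TLS session
    TUNNEL_ESTABLISHED = auto()  # VPN data flowing


# Assumption for the example: renegotiation is only expected while the
# client is still authenticating, never once the tunnel is up.
RENEG_ALLOWED_STATES = frozenset({ConnState.AUTHENTICATING})


class RenegotiationRefused(Exception):
    """Raised when a renegotiation request must be rejected."""


def cert_fingerprint(der: bytes) -> bytes:
    """SHA-256 over the DER encoding; compared instead of the raw blob."""
    return hashlib.sha256(der).digest()


@dataclass
class Connection:
    server_type: ServerType
    state: ConnState = ConnState.INITIAL_HANDSHAKE
    pinned_fp: Optional[bytes] = None
    renegotiations: int = 0

    def pin_initial_certificate(self, peer_der: bytes) -> bytes:
        """Record the certificate accepted at the first handshake."""
        if self.pinned_fp is not None:
            raise RuntimeError("certificate already pinned for this session")
        self.pinned_fp = cert_fingerprint(peer_der)
        return self.pinned_fp

    def check_renegotiation(self, peer_der: bytes) -> bool:
        """Return True if the renegotiation may proceed, else raise.

        A different certificate is refused even if it would validate on
        its own: identity must not change mid-session.
        """
        if self.pinned_fp is None:
            raise RenegotiationRefused("renegotiation before first handshake completed")
        if self.server_type is not ServerType.NETWORK_CONNECT:
            raise RenegotiationRefused(f"{self.server_type.name} server must not renegotiate")
        if self.state not in RENEG_ALLOWED_STATES:
            raise RenegotiationRefused(f"renegotiation not expected in state {self.state.name}")
        if not hmac.compare_digest(self.pinned_fp, cert_fingerprint(peer_der)):
            raise RenegotiationRefused("peer certificate changed during renegotiation")
        self.renegotiations += 1
        return True


# Constructed placeholder "DER" blobs (not real certificates).
ORIGINAL_CERT = b"\x30\x82\x01\x00" + b"A" * 60
OTHER_VALID_CERT = b"\x30\x82\x01\x00" + b"B" * 60


def _refused(conn: Connection, der: bytes) -> bool:
    try:
        conn.check_renegotiation(der)
    except RenegotiationRefused:
        return True
    return False


def demo() -> dict:
    """Exercise the four outcomes a practitioner cares about."""
    results = {}
    conn = Connection(ServerType.NETWORK_CONNECT)
    conn.pin_initial_certificate(ORIGINAL_CERT)
    conn.state = ConnState.AUTHENTICATING
    results["same_cert_allowed"] = conn.check_renegotiation(ORIGINAL_CERT)
    results["changed_cert_refused"] = _refused(conn, OTHER_VALID_CERT)
    conn.state = ConnState.TUNNEL_ESTABLISHED
    results["wrong_state_refused"] = _refused(conn, ORIGINAL_CERT)
    other = Connection(ServerType.OTHER, ConnState.AUTHENTICATING)
    other.pin_initial_certificate(ORIGINAL_CERT)
    results["wrong_server_refused"] = _refused(other, ORIGINAL_CERT)
    results["renegotiations"] = conn.renegotiations
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is on a digest of the full DER encoding, so a re-issued certificate with the same subject but a different key or validity is still refused; that is the conservative reading of "accept only the same certificate as before". The constant-time comparison is cheap insurance rather than a requirement here, since the fingerprint is not secret.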