enable DTLS negotiation
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sat Sep 17 04:01:53 PDT 2016
On Sat, 2016-09-17 at 08:50 +0000, David Woodhouse wrote:
> > opaque psk_identity<1..2^16-1>;
> > psk_identity identity_list<1..2^16-1>;
> >
> > That means that for id 'psk' you have:
> >
> > |uint16(size of psk + 2)||uint16(size of psk)||psk|
> > or |uint16(5)||uint16(3)||psk|
> > 2-bytes 2-bytes 3-bytes
> >
> > Where the uint16 is in big-endian order.
> More generally, since the client can propose multiple identities, it
> is...
>
> uint16 10015 // provisional extension ID
> uint16 extlen // all extensions have a length of their payload
These you shouldn't normally care about (at least in the GnuTLS API, if
I remember well).
> ... then the payload contains what you talked about above...
> uint16 entirely_redundant_payload_len_again == extlen-2
> uint16 ident1_len
> char "dave"
> uint16 ident2-len
> char "nikos"
> ...
right.
> Can we ditch the first uint16 in payload, given that it is entirely
> redundant? Or am I misreading the spec to put it there in the first place,
> and the formal language is supposed to *include* what I called 'extlen'
According to the protocol it has to be there.
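Added example, not part of the original message and not openconnect or GnuTLS code: a bounds-checked C parser for the extension payload layout described in the thread (uint16 list length, then uint16 length plus bytes for each identity), which rejects input where the redundant inner length disagrees with extlen. The names `parse_identity_list`, `struct psk_id` and `MAX_IDS` are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_IDS 8  /* assumption: cap chosen for this example */

struct psk_id { const uint8_t *data; uint16_t len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse an extension payload (the extlen bytes that follow the type and
 * extlen fields): uint16 list_len, then repeated uint16 id_len || id bytes.
 * Returns the number of identities, or -1 if any length is inconsistent. */
int parse_identity_list(const uint8_t *payload, size_t extlen,
                        struct psk_id *out, int max_out)
{
    if (extlen < 2)
        return -1;
    size_t list_len = rd16(payload);
    /* The inner length is redundant, so it must agree with extlen exactly. */
    if (list_len != extlen - 2 || list_len == 0)
        return -1;
    const uint8_t *p = payload + 2, *end = payload + extlen;
    int n = 0;
    while (p < end) {
        if ((size_t)(end - p) < 2)
            return -1;              /* truncated identity length field */
        uint16_t id_len = rd16(p);
        p += 2;
        /* psk_identity<1..2^16-1>: empty or overrunning identities fail. */
        if (id_len == 0 || (size_t)(end - p) < id_len)
            return -1;
        if (n == max_out)
            return -1;              /* more identities than the caller allows */
        out[n].data = p;
        out[n].len = id_len;
        n++;
        p += id_len;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: the single identity "psk" from the message. */
    static const uint8_t one[] = { 0x00, 0x05, 0x00, 0x03, 'p', 's', 'k' };
    struct psk_id ids[MAX_IDS];
    return parse_identity_list(one, sizeof one, ids, MAX_IDS) == 1 ? 0 : 1;
}
```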