/* Cred type mappings to KX algorithms
- * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
+ * The mappings are not 1-1. Some KX such as SRP_RSA require
* more than one credentials type.
*/
typedef struct {
fd);
if (i == 0) {
/* If we get here, we likely have a stream socket.
- * FIXME: this probably breaks DCCP. */
+ * That assumption may not work on DCCP. */
gnutls_assert();
ret = 0;
goto cleanup;
* gnutls_certificate_free_cas:
* @sc: is a #gnutls_certificate_credentials_t type.
*
- * This function will delete all the CAs associated with the given
- * credentials. Servers that do not use
- * gnutls_certificate_verify_peers2() may call this to save some
- * memory.
+ * This function was operational on very early versions of gnutls.
+ * Due to internal refactorings and the fact that this was hardly ever
+ * used, it is currently a no-op.
+ *
**/
void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc)
{
- /* FIXME: do nothing for now */
return;
}
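Review bot: The rewritten doc comment for gnutls_certificate_free_cas says the call is a no-op but not what that means for the caller: the body is only `return;`, so any CAs loaded into @sc remain in place afterwards. A caller that relied on this function to drop trust anchors will go on trusting them, so I would state it explicitly, e.g. `* The CAs associated with @sc are left untouched by this call.` The added empty ` *` line directly before `**/` can also be dropped.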
_gnutls_set_keys(gnutls_session_t session, record_parameters_st * params,
unsigned hash_size, unsigned IV_size, unsigned key_size)
{
- /* FIXME: This function is too long
- */
uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
int pos, ret;
int block_size;
return GNUTLS_E_UNEXPECTED_PACKET;
}
- /* TODO: determine if we need to do anything with the server version field */
DECR_LEN(len, 2);
pos += 2;
}
/* This returns the session hash as in draft-ietf-tls-session-hash-02.
- *
- * FIXME: It duplicates some of the actions in _gnutls_handshake_sign_crt_vrfy*.
- * See whether they can be merged.
*/
int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t *shash)
{
/* Find an object with private key class and a certificate ID
* which matches the certificate. */
- /* FIXME: also match the cert subject. */
a[0].type = CKA_CLASS;
a[0].value = &class;
a[0].value_len = sizeof class;
return ret;
}
- /* FIXME: copy key usage flags */
-
+ /* We do not copy key usage flags.
+ */
a[0].type = CKA_CLASS;
a[0].value = &class;
a[0].value_len = sizeof(class);
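Review bot: The replacement comment `We do not copy key usage flags.` records the behaviour but not the reason, whereas the comment added before the `CKA_VALUE` attribute in the next hunk gives one (the flags are apparent from the certificate). The enclosing function is not visible in this hunk, so I cannot tell whether the object written here is a certificate. If it is not, that rationale does not carry over, and the token object would presumably carry no usage restriction for consumers that rely on token attributes. I would either give the reason here too or keep it marked as a known gap, e.g. `/* Key usage flags are not copied to the token object (known limitation). */`. The same applies where the FIXME was dropped without replacement before `a_val = 5;` and after `FIX_KEY_USAGE(pk, key_usage);`.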
a[1].value_len = cid->size;
}
+ /* we do not use the key usage flags; these are apparent from
+ * the certificate itself. */
a[2].type = CKA_VALUE;
a[2].value = der;
a[2].value_len = der_size;
a[4].type = CKA_CERTIFICATE_TYPE;
a[4].value = &type;
a[4].value_len = sizeof(type);
- /* FIXME: copy key usage flags */
a_val = 5;
pk = gnutls_x509_privkey_get_pk_algorithm(key);
FIX_KEY_USAGE(pk, key_usage);
- /* FIXME: copy key usage flags */
a_val = 0;
a[a_val].type = CKA_CLASS;
a[a_val].value = &class;
/* Disallowed
o Old Hangul Jamo characters, i.e., the OldHangulJamo ("I") category
- [FIXME: not handled in this code]
+ (not handled in this code)
o Control characters, i.e., the Controls ("L") category
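Review bot: `(not handled in this code)` under the heading `Disallowed` does not say which way the gap falls; as worded, Old Hangul Jamo characters appear to be accepted rather than rejected by this check. Since that deviates from the listed rule, I would spell it out, e.g. `(not rejected by this code)`, so that callers relying on the disallowed list know it is not fully enforced. The rest of the comment and the code it describes lie outside the hunk, so the wording should be confirmed against the implementation.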
return _gnutls_asn2err(result);
}
- /* FIXME: If the parameters are not included in the certificate
+ /* If the parameters are not included in the certificate
* then the issuer's parameters should be used. This is not
- * done yet.
+ * implemented, and is not used in practice (along with DSA).
*/
/* Read p */
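Review bot: The reworded comment says that falling back to the issuer's parameters is not implemented, but not what a caller gets for a certificate that omits them. The code after `/* Read p */` is outside the hunk. If it returns an error when the parameters are absent, the comment should say so, which would turn the limitation into a documented rejection; this needs confirming against the code below. The trailing `(along with DSA)` is also ambiguous and would read better as a separate sentence, e.g. `DSA itself is rarely used in practice.`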
_asnstr_append_name(name, sizeof(name), root,
".algorithm.parameters");
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * needed in practice though.
- */
if (pk_algorithm != GNUTLS_PK_RSA && pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519) {
/* RSA and EdDSA do not use parameters */
result = _gnutls_x509_read_value(asn, name, &tmp);
* This will be sent to clients when a certificate
* request message is sent.
*/
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- * Further, this function is now much more efficient,
- * so optimizing that is less important.
- */
tmp.data = ca->raw_dn.data;
tmp.size = ca->raw_dn.size;
char *lineptr = NULL;
ssize_t len;
- /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding.
- Reject non-S/MIME tagged Content-Type's? */
+ /* Find body. We do not handle non-b64 Content-Transfer-Encoding. */
do {
len = getline(&lineptr, &linesize, infile);
if (len == -1) {