On 01/25/2013 05:24 PM, Tim Rühsen wrote:

> You are right. Maybe the socket descriptor should go to gnutls_open().
> And isn't the hostname needed for host validation while handshaking? I think
> about gnutls_x509_crt_check_hostname().

Right.

>> I like those. I'll try to add them (I think the getline is missing
>> from the current code).
> If it helps, look at my getline() implementation for file descriptors.
> The internal variables are saved at the end of buf, but you won't need this
> ugly trick since you have a session variable.

I've implemented it using gnulib's getline, which in turn was based on
libc's one :) Now only the _open/ or _init is missing. Also I have to
think of a better prefix name.

I'm thinking with the high level functions to also simplify credentials
handling, and initially support:
1. normal X.509 certificate verification (based on system certs)
2. TOFU (for people who don't want to buy a cert)
3. Insecure (for debugging)

>>> And back to your idea with queue/flush:
>>> - inspired from TCP_CORK, my idea would be something like
>>>     gnutls_cork()
>>>     do some writes
>>>     gnutls_uncork (or calling it gnutls_flush, if you like)
>>> - or/and implementing something like the Nagle algorithm, kind of
>>>   automatic cork/uncork
>>
>> Is that for the gnutls_session_t API?
> It was just an idea without thinking about that ;-)

I liked them though, because they allow the usage of buffering in the
low-level API so they are there now.

> A higher level API is always good for application programmers to have a fast
> success (and a short learning time). Later, if things become more wicked,
> they will investigate into the mid- and/or low-level API.

When I created the original low-level API I expected that there will be
middle-ware libraries that wrap over sockets and TLS. It seems that even
today they are not so widespread, so indeed a high level API makes sense.

regards,
Nikos
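
Added example, not part of the message above and not GnuTLS code: a C sketch of the three verification modes the message lists (X.509 with the hostname check, TOFU, insecure), showing that TOFU has to reject a changed key for a known host rather than re-pin it. All type and function names are hypothetical, and `chain_trusted` and `hostname_ok` are assumed inputs standing in for the results of the library's own checks.

```c
#include <stdio.h>
#include <string.h>

enum verify_mode { VERIFY_X509, VERIFY_TOFU, VERIFY_INSECURE };
enum verdict { REJECT, ACCEPT, ACCEPT_FIRST_USE };
struct pin { char host[64]; unsigned char key[64]; size_t key_len; };
struct pin_store { struct pin pins[8]; size_t count; };
/* Hypothetical names, not GnuTLS API. chain_trusted and hostname_ok stand in
 * for chain validation and gnutls_x509_crt_check_hostname() results. */
struct peer { const char *host; const void *key; size_t key_len;
              int chain_trusted, hostname_ok; };

static enum verdict tofu_check(struct pin_store *s, const struct peer *p)
{
    for (size_t i = 0; i < s->count; i++) {
        if (strcmp(s->pins[i].host, p->host) != 0) continue;
        /* Known host: a changed key is a failure, never a silent re-pin. */
        return (s->pins[i].key_len == p->key_len &&
                memcmp(s->pins[i].key, p->key, p->key_len) == 0) ? ACCEPT : REJECT;
    }
    /* Unknown host: pin it only if it fits, otherwise fail closed. */
    if (s->count == 8 || strlen(p->host) >= sizeof s->pins[0].host ||
        p->key_len == 0 || p->key_len > sizeof s->pins[0].key) return REJECT;
    struct pin *n = &s->pins[s->count++];
    strcpy(n->host, p->host);
    memcpy(n->key, p->key, p->key_len);
    n->key_len = p->key_len;
    return ACCEPT_FIRST_USE;
}

enum verdict verify_peer(enum verify_mode m, struct pin_store *s, const struct peer *p)
{
    switch (m) {
    case VERIFY_X509: /* a trusted chain issued for another name must not pass */
        return (p->chain_trusted && p->hostname_ok) ? ACCEPT : REJECT;
    case VERIFY_TOFU: return tofu_check(s, p);
    case VERIFY_INSECURE: return ACCEPT; /* debugging only: peer unauthenticated */
    }
    return REJECT;
}

int main(void)
{
    struct pin_store s = {0}; /* keys below are constructed samples */
    struct peer a = { "mx.example.org", "KEY-A", 5, 0, 0 }, b = a;
    b.key = "KEY-B";
    for (int i = 0; i < 3; i++) /* first use, same key, changed key */
        printf("%d\n", verify_peer(VERIFY_TOFU, &s, i < 2 ? &a : &b));
    return 0;
}
```

The verdict values print as 2 (pinned on first use), 1 (accepted) and 0 (rejected); a real store would persist pins between runs.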
