The main reason is that in a proxying environment when you get the SNI from
the client, you need to connect to the server first, get the certificate,
and send that certificate back to the client.
You see that this is only possible if I suspend the handshake with the
client and continue with the server, and after I got the certificate I can
continue with the client.

The callback mechanism in GnuTLS would be good if I could return from it
with something like (SUSPEND, or even E_AGAIN, E_INTERRUPT), and next time
I call the gnutls_handshake function it would continue where it left off.


On Thu, May 22, 2014 at 8:54 AM, Nikos Mavrogiannopoulos <[email protected]> wrote:

> On Wed, May 21, 2014 at 11:12 AM, DEXTER <[email protected]> wrote:
> > Hi,
> >
> > I'm trying to write a gnutls server where I can suspend the handshake
> > procedure and then continue.
> > What I'm trying to achieve is to get the SNI from the client, suspend the
> > handshake, do something else depending on the SNI, then come back to the
> > handshake and continue.
>
> Hello,
>  Why not do everything you need in the callback? As it is now the
> callback is not designed to allow interruption as you describe it.
>
> > The question is that is this the way one should do to continue a suspended
> > handshake, or is there another way to do it?
>
> Not that I know of. The best you can do is use the callback mechanisms.
>
> regards,
> Nikos
>
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
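
An added example, not code from this thread or from GnuTLS: a proxy can learn the SNI before it calls gnutls_handshake() at all by peeking at the ClientHello bytes (for instance with recv() and MSG_PEEK) and parsing the server_name extension itself, then connecting upstream and only afterwards starting the client handshake. The names `peek_sni` and `SAMPLE` are hypothetical, and the parser assumes the whole ClientHello arrived in a single TLS record that has been peeked in full.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct cur { const uint8_t *p; size_t left; };  /* bounds-checked cursor */

static int skip(struct cur *c, size_t n) {
    if (c->left < n) return -1;
    c->p += n; c->left -= n; return 0;
}
/* Read a big-endian integer of w bytes (1 or 2 here). */
static int rd(struct cur *c, int w, size_t *out) {
    if (c->left < (size_t)w) return -1;
    for (*out = 0; w--; c->left--) *out = (*out << 8) | *c->p++;
    return 0;
}
/* 1: host filled in; 0: ClientHello carries no SNI; -1: malformed/truncated. */
int peek_sni(const uint8_t *buf, size_t len, char *host, size_t hostsz) {
    struct cur c = { buf, len };
    size_t n, type;
    if (len < 6 || buf[0] != 0x16 || buf[5] != 0x01) return -1;
    /* record header 5 + handshake header 4 + version 2 + random 32 */
    if (skip(&c, 5 + 4 + 2 + 32)) return -1;
    if (rd(&c, 1, &n) || skip(&c, n)) return -1;    /* session_id */
    if (rd(&c, 2, &n) || skip(&c, n)) return -1;    /* cipher_suites */
    if (rd(&c, 1, &n) || skip(&c, n)) return -1;    /* compression_methods */
    if (c.left == 0) return 0;                      /* no extensions block */
    if (rd(&c, 2, &n) || n > c.left) return -1;
    c.left = n;                                     /* stay inside extensions */
    while (c.left > 0) {
        if (rd(&c, 2, &type) || rd(&c, 2, &n) || n > c.left) return -1;
        if (type != 0) { skip(&c, n); continue; }   /* not server_name */
        c.left = n;            /* list_len(2) name_type(1) name_len(2) name */
        if (skip(&c, 2) || rd(&c, 1, &type) || rd(&c, 2, &n)) return -1;
        if (type != 0 || n == 0 || n > c.left || n >= hostsz) return -1;
        if (memchr(c.p, 0, n)) return -1;           /* reject embedded NUL */
        memcpy(host, c.p, n);
        host[n] = '\0';
        return 1;
    }
    return 0;
}
/* Constructed sample: minimal ClientHello, zeroed random, SNI "a.test". */
static const uint8_t SAMPLE[67] = {
    0x16,3,1,0,62,  1,0,0,58,  3,3,          /* bytes 11..42 (random) stay 0 */
    [43] = 0,  0,2,0,0x2f,  1,0,  0,15,      /* session, suites, compression, ext len */
    0,0, 0,11, 0,9, 0, 0,6, 'a','.','t','e','s','t' };
```

The returned name is untrusted client input, so a proxy should validate it against its routing policy before using it to pick an upstream.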
