Nikos,

On 14 Apr 2016, at 09:49, Nikos Mavrogiannopoulos <[email protected]> wrote:

>> I do now:
>> https://github.com/abligh/tlsproxy
>
> Thank you. That seems quite a nice and concise example,

Thanks.

> although it is not as small (1-3 pages) to include in the manual. I've
> added a reference instead and included it in gnutls as a submodule under
> doc/examples/tlsproxy. Do you plan to keep/update that repository?

Yes I do, though hopefully it won't change too often. I've submitted
tlsproxy.c to nbd (network block device), so it should have at least one
user.

> PS. A few comments:
> I would not use select() any more. It is hard to get right and under
> glibc it causes stack overflow if any of the fds is over 1024.

I agree. But determining whether poll / ppoll etc. is available is a
pain, and in this instance there are only two FDs. I can't remember how
prevalent poll is (as opposed to ppoll); perhaps I'll convert it to use
poll().

> You could further simplify the example by using
> gnutls_certificate_verification_status_print() instead of checking
> statuses manually (that would introduce a dependency on gnutls over
> 3.1.4, but it is future proof with regards to message reporting).

Again I agree, but I wanted this to compile on LTS Ubuntu (currently
14.04), which ships with 2.12.23-12ubuntu2.4 (unfortunately).

> You seem to call gnutls_bye() unconditionally. It may be better to
> send gnutls_alert_send_appropriate() on error condition, and
> gnutls_bye() with _WR only, since you are not interested in properly
> closing the channel at this point. RDWR is suitable for the cases that
> you want to close the channel and re-use it (send unencrypted data).

OK, I should probably look at that one, thanks.

--
Alex Bligh

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
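The select() problem Nikos raises above is worth seeing concretely: glibc's FD_SET is a plain bit-array write with no bounds check, so a descriptor numbered FD_SETSIZE (1024) or higher writes past the fd_set, which usually lives on the stack. The following is an added example written for this page, not code from tlsproxy or from either participant: a guarded FD_SET wrapper that refuses out-of-range descriptors, and the two-descriptor readiness wait a proxy loop needs, written with poll(), which has no such limit. The function names (fd_set_checked, wait_two_readable) and the pipe-based demo are my own; poll() itself is POSIX and needs no feature detection on any Linux or BSD libc.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Guarded replacement for FD_SET. glibc's FD_SET macro writes into the
 * fd_set bit array without checking fd < FD_SETSIZE, so fd >= 1024 corrupts
 * whatever follows the fd_set (typically the caller's stack frame).
 * Returns 0 on success, -1 with errno = EINVAL when fd is out of range. */
int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Wait until either of two descriptors (e.g. the client side and the
 * backend side of a proxy) is readable, using poll() instead of select().
 * Returns the number of ready descriptors, 0 on timeout, -1 on error.
 * *a_ready / *b_ready are set to 1 when the descriptor has data (POLLIN) or
 * has hung up or errored (POLLHUP/POLLERR): in a proxy loop both cases mean
 * "read it now", since the read will return the EOF or the error. */
int wait_two_readable(int fd_a, int fd_b, int timeout_ms,
                      int *a_ready, int *b_ready)
{
    struct pollfd pfd[2] = {
        { .fd = fd_a, .events = POLLIN, .revents = 0 },
        { .fd = fd_b, .events = POLLIN, .revents = 0 },
    };
    int n;

    do {
        n = poll(pfd, 2, timeout_ms);
    } while (n < 0 && errno == EINTR); /* interrupted by a signal: retry */
    if (n < 0)
        return -1;

    *a_ready = (pfd[0].revents & (POLLIN | POLLHUP | POLLERR)) != 0;
    *b_ready = (pfd[1].revents & (POLLIN | POLLHUP | POLLERR)) != 0;
    return n;
}

/* Constructed demo: two pipes stand in for the two sockets. One byte is
 * written to the first pipe, so only its read end should report ready. */
int main(void)
{
    int pa[2], pb[2], a = 0, b = 0;

    if (pipe(pa) < 0 || pipe(pb) < 0) {
        perror("pipe");
        return 1;
    }
    if (write(pa[1], "x", 1) != 1) {
        perror("write");
        return 1;
    }
    int n = wait_two_readable(pa[0], pb[0], 100, &a, &b);
    printf("ready=%d a=%d b=%d\n", n, a, b); /* ready=1 a=1 b=0 */

    fd_set set;
    FD_ZERO(&set);
    printf("FD_SET on fd %d: %d\n", FD_SETSIZE,
           fd_set_checked(FD_SETSIZE, &set)); /* -1: refused, not corrupted */
    return 0;
}
```

The EINTR retry restarts the full timeout, which is fine for a proxy that only uses the timeout as a liveness check; if the exact deadline matters, recompute the remaining time before each retry or use ppoll() with a signal mask where it exists.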
