Hello,

AIUI, TLS 1.3 post-handshake authentication requests can happen anytime, and thus clients need to be ready to deal with GNUTLS_E_REAUTH_REQUEST at any time. In particular, ‘gnutls_record_recv’ might return this error, and the client has to call ‘gnutls_reauth’ at that point.

In the Guile bindings, GnuTLS errors are mapped to Guile exceptions. The record layer is mapped to an I/O port, which is the abstraction used for file contents, sockets, etc. (similar to FILE* in C). The problem here is that you could get a GNUTLS_E_REAUTH_REQUEST exception in the middle of a read from an I/O port. This breaks abstraction because the caller of that read call may not know that the port happens to be a GnuTLS record port.

Have other language bindings developers faced this issue?

I’m thinking that we could ask users to set a GNUTLS_E_REAUTH_REQUEST handler beforehand such that, when we get GNUTLS_E_REAUTH_REQUEST, we directly call that handler instead of throwing an exception.

Thoughts?

Ludo’.

_______________________________________________
Gnutls-help mailing list
http://lists.gnupg.org/mailman/listinfo/gnutls-help

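As an added example (not code from the post, the Guile bindings or GnuTLS itself), here is the kind of wrapper a C client would put around ‘gnutls_record_recv’ to service the request the message describes, with a cap on reauth rounds so a misbehaving peer cannot keep the client re-authenticating forever. It assumes a blocking transport; ‘USE_REAL_GNUTLS’, ‘stub_session’ and ‘recv_with_reauth’ are names chosen here, and the stub that stands in for the library when ‘USE_REAL_GNUTLS’ is not defined is constructed for the example (the error-code values are the ones from gnutls.h).

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#ifdef USE_REAL_GNUTLS
#include <gnutls/gnutls.h>
#else
/* Constructed stand-in for the bits of <gnutls/gnutls.h> used below;
 * the error-code values match gnutls.h. */
#define GNUTLS_E_AGAIN          (-28)
#define GNUTLS_E_INTERRUPTED    (-52)
#define GNUTLS_E_REAUTH_REQUEST (-411)
struct stub_session { int reauth_requests, reauths_done; const char *payload; };
typedef struct stub_session *gnutls_session_t;

/* Simulated server: asks for client authentication reauth_requests times,
 * then delivers the constructed payload. */
static ssize_t gnutls_record_recv(gnutls_session_t s, void *buf, size_t len)
{
    if (s->reauths_done < s->reauth_requests) return GNUTLS_E_REAUTH_REQUEST;
    size_t n = strlen(s->payload) < len ? strlen(s->payload) : len;
    memcpy(buf, s->payload, n);
    return (ssize_t)n;
}
static int gnutls_reauth(gnutls_session_t s, unsigned flags)
{ (void)flags; s->reauths_done++; return 0; }
#endif

/* Reads like gnutls_record_recv(), but services TLS 1.3 post-handshake
 * authentication: on GNUTLS_E_REAUTH_REQUEST it runs gnutls_reauth() and
 * retries the read.  max_reauth caps the rounds per call so a misbehaving
 * peer cannot keep the client re-authenticating forever; at the cap the
 * error is passed up unchanged.  Assumes a blocking transport, so
 * gnutls_reauth() is simply retried on AGAIN/INTERRUPTED as documented. */
ssize_t recv_with_reauth(gnutls_session_t session, void *buf, size_t len,
                         unsigned max_reauth)
{
    for (unsigned done = 0;; done++) {
        ssize_t n = gnutls_record_recv(session, buf, len);
        if (n != GNUTLS_E_REAUTH_REQUEST)
            return n;                       /* data, EOF, or another error */
        if (done >= max_reauth)
            return GNUTLS_E_REAUTH_REQUEST; /* cap hit: let the caller decide */
        int rc;
        do rc = gnutls_reauth(session, 0);
        while (rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED);
        if (rc < 0)
            return rc;                      /* reauth itself failed */
    }
}
```

Build with -DUSE_REAL_GNUTLS -lgnutls to compile against the real library; the client must also have been initialised with the GNUTLS_POST_HANDSHAKE_AUTH flag for a server to be able to send such a request at all.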