gnutls-devel

[gnutls-dev] Re: SSL_connect and non-blocking i/o


From: Simon Josefsson
Subject: [gnutls-dev] Re: SSL_connect and non-blocking i/o
Date: Thu, 13 Jul 2006 16:55:23 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Jefferson Ogata <address@hidden> writes:

> First of all, my diff was not intended as a final patch, but merely to
> document that something is not implemented correctly in SSL_connect().

Understood, thanks.  By the look of the code, I think
libgnutls-openssl is a somewhat neglected part of GnuTLS.  It isn't
really a priority for me, but I'd be happy to install patches.

> As you can see, your SSL_connect() returns 0 regardless of the error, so
> the caller won't know that SSL_connect() needs to be called again.

A bug, it seems.

> In addition, you have this loop to call gnutls_protocol_set_priority()
> on every entrance to SSL_connect() regardless of the connection state.
> Is it safe/advisable to call gnutls SSL_connect() repeatedly?

Since the OpenSSL API says you should do that, the GnuTLS emulation
API should be the same.  I think it should work.

> Then there's the fact that you ignore the return value from the
> verification callback, fail to implement SSL_*_set_verify_depth(), fail
> to #define or implement SSL_VERIFY_PEER, SSL_VERIFY_IF_NO_PEER_CERT,
> SSL_VERIFY_CLIENT_ONCE, fail to do certificate preverification, fail to
> implement SSL_*_load_verify_locations(), but we can get to all that
> later (I'll be happy to help). :^)

I'm sure you are right here.  As they say, patches welcome. :-)

/Simon
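
The return-value problem discussed above, as an added example that is not part of the original message and is not libgnutls-openssl code: a simulated non-blocking handshake is wrapped once so that every failure collapses to 0, and once following the documented OpenSSL convention (1 on success, a negative value plus a separate error code when the call must be retried). All names, constants and the simulated backend are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Local stand-ins (assumed names, not the GnuTLS or OpenSSL headers). */
enum { HS_OK = 0, HS_AGAIN = -1, HS_FATAL = -2 };      /* backend handshake results */
enum { ERR_NONE = 0, ERR_FATAL = 1, ERR_WANT_IO = 2 }; /* what a get-error call reports */
struct conn { int pending; int fail; int last_err; };  /* constructed connection state */

/* Simulated non-blocking handshake: needs `pending` more I/O rounds first. */
static int backend_handshake(struct conn *c) {
    if (c->pending > 0) { c->pending--; return HS_AGAIN; }
    return c->fail ? HS_FATAL : HS_OK;
}

/* Behaviour described in the thread: every non-success result becomes 0. */
static int connect_collapsed(struct conn *c) {
    return backend_handshake(c) == HS_OK ? 1 : 0;
}

/* OpenSSL-style contract: 1 = done, <0 = consult the recorded error code. */
static int connect_mapped(struct conn *c) {
    int r = backend_handshake(c);
    if (r == HS_OK) { c->last_err = ERR_NONE; return 1; }
    c->last_err = (r == HS_AGAIN) ? ERR_WANT_IO : ERR_FATAL;
    return -1;
}

/* Caller loop: retry only while the wrapper reports that more I/O is needed.
   Returns the number of calls made on success, -1 if the caller gave up. */
static int drive(struct conn *c, int (*do_connect)(struct conn *)) {
    for (int calls = 1; calls <= 16; calls++) {
        int r = do_connect(c);
        if (r == 1) return calls;
        if (r < 0 && c->last_err == ERR_WANT_IO) continue; /* a real caller would poll() here */
        return -1; /* 0 or a fatal error: nothing tells the caller to retry */
    }
    return -1;
}

int main(void) {
    struct conn a = {2, 0, 0}, b = {2, 0, 0}; /* constructed: two I/O rounds, then success */
    printf("collapsed wrapper: %d\n", drive(&a, connect_collapsed));
    printf("mapped wrapper:    %d\n", drive(&b, connect_mapped));
    return 0;
}
```

With the collapsed wrapper the caller abandons a handshake that would have completed two calls later; with the mapped wrapper the same caller finishes it and still stops on a fatal error.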


