[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] External signing API
From: |
Alon Bar-Lev |
Subject: |
Re: [gnutls-dev] External signing API |
Date: |
Fri, 10 Aug 2007 17:25:41 +0300 |
On 8/10/07, Simon Josefsson <address@hidden> wrote:
> Hi! The userdata is passed to the callback, see the prototype. Do you
> think another function is needed anyway?
Yes.
During cleanup the user data should be accessible in order to
optionally free it.
> > Please also add something like:
> > #define GNUTLS_E_LIBEXTESION_DEFINED_BASE -2000
> > #define GNUTLS_E_USER_DEFINED_BASE -3000
> >
> > So that external library/user may define its own set of codes.
>
> Hm, exactly what use do you see for this? Returning various different
> PKCS#11 errors? That makes sense...
Right.
> However, the return code from the signing callback influence the TLS
> handshake logic, some return codes leads to disconnect, some don't
> (although I'm having a hard time understanding how the state machine
> would recover). See gnutls_error_is_fatal. Looking at that function,
> it seems it has the wrong default: if an error code isn't known to
> gnutls, it is classified as non-fatal. That is likely incorrect, the
> internal logic needs to understand how to recover from non-fatal error
> cases, and will thus need to know about the error code. I've changed
> this.
True...
Unknown errors should be fatal.
Best Regards,
Alon Bar-Lev.
- [gnutls-dev] External signing API, Simon Josefsson, 2007/08/10
- Re: [gnutls-dev] External signing API, Alon Bar-Lev, 2007/08/10
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/10
- Re: [gnutls-dev] External signing API,
Alon Bar-Lev <=
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/11
- Re: [gnutls-dev] External signing API, Alon Bar-Lev, 2007/08/12
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/12
- Re: [gnutls-dev] External signing API, Alon Bar-Lev, 2007/08/12
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/13
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/13
- Re: [gnutls-dev] External signing API, Alon Bar-Lev, 2007/08/13
- Re: [gnutls-dev] External signing API, Alon Bar-Lev, 2007/08/13
- Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/14
Re: [gnutls-dev] External signing API, Simon Josefsson, 2007/08/10