[gnutls-dev] Re: SSL_connect and non-blocking i/o
Simon Josefsson
jas at extundo.com
Thu Jul 13 16:55:23 CEST 2006
Jefferson Ogata <Jefferson.Ogata at noaa.gov> writes:
> First of all, my diff was not intended as a final patch, but merely to
> document that something is not implemented correctly in SSL_connect().
Understood, thanks. By the look of the code, I think
libgnutls-openssl is a somewhat neglected part of GnuTLS. It isn't
really a priority for me, but I'd be happy to install patches.
> As you can see, your SSL_connect() returns 0 regardless of the error, so
> the caller won't know that SSL_connect() needs to be called again.
A bug, it seems.
> In addition, you have this loop to call gnutls_protocol_set_priority()
> on every entrance to SSL_connect() regardless of the connection state.
> Is it safe/advisable to call gnutls SSL_connect() repeatedly?
Since the OpenSSL API says you should do that, the GnuTLS emulation
API should be the same. I think it should work.
> Then there's the fact that you ignore the return value from the
> verification callback, fail to implement SSL_*_set_verify_depth(), fail
> to #define or implement SSL_VERIFY_PEER, SSL_VERIFY_IF_NO_PEER_CERT,
> SSL_VERIFY_CLIENT_ONCE, fail to do certificate preverification, fail to
> implement SSL_*_load_verify_locations(), but we can get to all that
> later (I'll be happy to help). :^)
I'm sure you are right here. As they say, patches welcome. :-)
/Simon
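An added illustration of the return-value problem Jefferson describes (not GnuTLS code and not from either poster): an SSL_connect()-style wrapper over a non-blocking handshake that reports 0 for every error hides whether the caller should retry or abort, so an unfinished or failed handshake can be mistaken for a completed one. The handshake and its result codes are constructed stand-ins (the SIM_* names), and the SSL_get_error-style values are assumed for the example.

```c
/* Constructed stand-ins for the GnuTLS handshake results the emulation has
   to map (real codes live in <gnutls/gnutls.h>; nothing here links GnuTLS). */
#define SIM_E_SUCCESS       0
#define SIM_E_AGAIN       (-28)
#define SIM_E_INTERRUPTED (-52)
#define SIM_E_FATAL       (-10)   /* stands for any non-retryable failure */
/* What an OpenSSL-style caller later asks for through SSL_get_error(). */
enum { SSL_ERROR_NONE = 0, SSL_ERROR_SSL = 1, SSL_ERROR_WANT_READ = 2 };
/* Fake session: a scripted list of successive handshake results. */
typedef struct { const int *script; int pos, len; int last_error; } sim_ssl;
static int sim_handshake(sim_ssl *s) {
    return s->pos < s->len ? s->script[s->pos++] : SIM_E_FATAL;
}
/* The thread's complaint: every failure collapses to 0, so the caller
   cannot tell "not ready, call again" from "handshake failed". */
int ssl_connect_buggy(sim_ssl *s) {
    return sim_handshake(s) == SIM_E_SUCCESS ? 1 : 0;
}
/* Corrected mapping: 1 when finished, -1 otherwise, with last_error
   telling the caller whether to retry (WANT_READ) or give up (SSL). */
int ssl_connect_fixed(sim_ssl *s) {
    int rc = sim_handshake(s);
    if (rc == SIM_E_SUCCESS) { s->last_error = SSL_ERROR_NONE; return 1; }
    s->last_error = (rc == SIM_E_AGAIN || rc == SIM_E_INTERRUPTED)
                        ? SSL_ERROR_WANT_READ : SSL_ERROR_SSL;
    return -1;
}
/* Non-blocking caller: retry only while WANT_READ, bounded by max_tries. */
int connect_loop(sim_ssl *s, int max_tries) {
    int r;
    do r = ssl_connect_fixed(s);
    while (r < 0 && s->last_error == SSL_ERROR_WANT_READ && --max_tries > 0);
    return r;
}
/* Constructed scenarios: not ready twice, then done; not ready, then fatal. */
static const int script_ok[]    = { SIM_E_AGAIN, SIM_E_INTERRUPTED, SIM_E_SUCCESS };
static const int script_fatal[] = { SIM_E_AGAIN, SIM_E_FATAL };
int demo_fixed_retries_then_succeeds(void) {
    sim_ssl s = { script_ok, 0, 3, 0 };
    return connect_loop(&s, 5) == 1 && s.last_error == SSL_ERROR_NONE;
}
int demo_fixed_reports_fatal(void) {
    sim_ssl s = { script_fatal, 0, 2, 0 };
    return connect_loop(&s, 5) == -1 && s.last_error == SSL_ERROR_SSL;
}
/* Buggy mapping: a retryable first call and a fatal one look identical. */
int demo_buggy_is_ambiguous(void) {
    sim_ssl a = { script_ok, 0, 3, 0 }, b = { script_fatal, 1, 2, 0 };
    return ssl_connect_buggy(&a) == ssl_connect_buggy(&b);
}
```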