interface

Nikos Mavroyanopoulos nmav at hellug.gr
Fri Feb 25 09:30:33 CET 2000


What do you think on this api? I think it is high level enough.

GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);

[in case we support session resuming:
GNUTLS_SESSIONS *sessions=malloc(20*SIZEOF_SESSION);
/* keep a buffer of the last 20 sessions. A single session should
 * have a timestamp, so it will expire in a few hours 
 *
 * in case of client:
GNUTLS_SESSIONS *session=malloc(1*SIZEOF_SESSION);
]

gnutls_init(state, GNUTLS_SERVER);
/* or in case of a client: gnutls_init(state, GNUTLS_CLIENT); */


/* This file should have the certificate of the client/server */
gnutls_set_certificate(state, "/home/nmav/certificate");
/* or NULL in case of client */

/* This file should have the public keys of the trusted CAs */
gnutls_set_certificate_authorities(state, "/home/nmav/cas");

[connect to a tls host using a descriptor (cd), or receive a
connection(server)]

/* This changes the state which was initialized to null 
 * eg. 3des is now used instead of plaintext
 * This actually handles all the dirty job (handshake and certification
 * verify)
 */
error=gnutls_handshake(cd, state, NULL);
[or error=gnutls_handshake(cd, state, sessions);
/* gnutls_handshake should add the current session into sessions, or
 * resume from a previous session if the client requests so (and the
 * session is not expired)
 */

 /* in case of a client who wants to resume a previous session later: */
error=gnutls_handshake(cd, state, session);

/* if the client wants to keep the current session identifier: */
gnutls_save_current_session(state, session);
]
/* that way the client/server application needs to know nothing
 * about certification. I do not know if this is good or not.
 */

if (gnutls_is_fatal(error)!=0) return 2);
if (error==GNUTLS_NULL_CERTIFICATE) return 3; /* a client may send a null
certificate, but a server should send a valid one */

ret=gnutls_send(cd, state, data, sizeofdata);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session(); /* session was closed by peer */

ret=gnutls_receive(cd, state, input, sizeofinput);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session();

gnutls_finish(cd, state);
free(state);

<--------------------------------------------------->
gnutl_send/receive() will process messages of all types (alert,
change_cipher_spec, handshake, application_data). So gnutls_handshake
will be able to use these functions internally.

-- 
Nikos Mavroyanopoulos
mailto:nmav at hellug.gr



More information about the Gnutls-devel mailing list