interface
Nikos Mavroyanopoulos
nmav at hellug.gr
Fri Feb 25 09:30:33 CET 2000
What do you think on this api? I think it is high level enough.
GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);
[in case we support session resuming:
GNUTLS_SESSIONS *sessions=malloc(20*SIZEOF_SESSION);
/* keep a buffer of the last 20 sessions. A single session should
* have a timestamp, so it will expire in a few hours
*
* in case of client:
GNUTLS_SESSIONS *session=malloc(1*SIZEOF_SESSION);
]
gnutls_init(state, GNUTLS_SERVER);
/* or in case of a client: gnutls_init(state, GNUTLS_CLIENT); */
/* This file should have the certificate of the client/server */
gnutls_set_certificate(state, "/home/nmav/certificate");
/* or NULL in case of client */
/* This file should have the public keys of the trusted CAs */
gnutls_set_certificate_authorities(state, "/home/nmav/cas");
[connect to a tls host using a descriptor (cd), or receive a
connection(server)]
/* This changes the state which was initialized to null
* eg. 3des is now used instead of plaintext
* This actually handles all the dirty job (handshake and certification
* verify)
*/
error=gnutls_handshake(cd, state, NULL);
[or error=gnutls_handshake(cd, state, sessions);
/* gnutls_handshake should add the current session into sessions, or
* resume from a previous session if the client requests so (and the
* session is not expired)
*/
/* in case of a client who wants to resume a previous session later: */
error=gnutls_handshake(cd, state, session);
/* if the client wants to keep the current session identifier: */
gnutls_save_current_session(state, session);
]
/* that way the client/server application needs to know nothing
* about certification. I do not know if this is good or not.
*/
if (gnutls_is_fatal(error)!=0) return 2);
if (error==GNUTLS_NULL_CERTIFICATE) return 3; /* a client may send a null
certificate, but a server should send a valid one */
ret=gnutls_send(cd, state, data, sizeofdata);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session(); /* session was closed by peer */
ret=gnutls_receive(cd, state, input, sizeofinput);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session();
gnutls_finish(cd, state);
free(state);
<--------------------------------------------------->
gnutl_send/receive() will process messages of all types (alert,
change_cipher_spec, handshake, application_data). So gnutls_handshake
will be able to use these functions internally.
--
Nikos Mavroyanopoulos
mailto:nmav at hellug.gr
More information about the Gnutls-devel
mailing list