mau94319 at cse.iitd.ernet.in
Sat Feb 26 09:09:59 CET 2000
>> GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);
>There is no need for SIZEOF_GNUTLS_STATE to be known to users of
>gnutls. Better to initialize the state with an init function:

Actually no. The size of GNUTLS_STATE will vary during the session anyway.
However, an init function should be used anyway, as GNUTLS_STATE could be
initialized to different values based on the client's environment params,
preferences for this session etc. (Or will this be handled by the
gnutls_init later down with other initializations?)

> GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);
> [in case we support session resuming:
> GNUTLS_SESSIONS *sessions=malloc(20*SIZEOF_SESSION);
> /* keep a buffer of the last 20 sessions. A single session should
> * have a timestamp, so it will expire in a few hours
> * in case of client:
> GNUTLS_SESSIONS *session=malloc(1*SIZEOF_SESSION);

I am not very experienced, but 20 sessions looks like overkill to me
in most cases. Can we replace that with a sorted list or something?
Also, why should the client keep only one session? I don't know, but are there
absolutely no circumstances when the client would like to revert to a
previously negotiated session?

> /* This file should have the certificate of the client/server */
> gnutls_set_certificate(state, "/home/nmav/certificate");
> /* or NULL in case of client */
> /* This file should have the public keys of the trusted CAs */
> gnutls_set_certificate_authorities(state, "/home/nmav/cas");

We can add checking of the return status with both of the above.
Otherwise nice work, Nikos. Looks okay to me.
with warm regards
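
The points discussed in this message (an init function so callers never need the size of the state, a bounded cache of resumable sessions with expiry timestamps, and return-status checks), sketched as an added example that is not part of the original message or of GnuTLS. All demo_* names, the 3-hour lifetime and the 32-byte session ID length are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical names throughout; this is not the GnuTLS API. */
#define DEMO_CACHE_SLOTS 20          /* cache size proposed in the thread */
#define DEMO_SESSION_TTL (3 * 3600)  /* "a few hours"; 3 is an assumption */
#define DEMO_ID_LEN 32               /* assumed session ID length */

typedef struct { unsigned char id[DEMO_ID_LEN]; time_t created; int used; } demo_session;
/* A public header would carry only a forward declaration of demo_state,
 * so callers never need its size. */
typedef struct demo_state { demo_session cache[DEMO_CACHE_SLOTS]; } demo_state;

/* Allocate and zero the state inside the library; 0 on success, -1 on failure. */
int demo_init(demo_state **out) {
    if (out == NULL) return -1;
    *out = calloc(1, sizeof(**out));
    return *out ? 0 : -1;
}

void demo_deinit(demo_state *st) { free(st); }

/* Store a session in a free or expired slot, else evict the oldest entry. */
int demo_session_store(demo_state *st, const unsigned char *id, time_t now) {
    if (st == NULL || id == NULL) return -1;
    demo_session *victim = &st->cache[0];
    for (int i = 0; i < DEMO_CACHE_SLOTS; i++) {
        demo_session *s = &st->cache[i];
        if (!s->used || now - s->created >= DEMO_SESSION_TTL) { victim = s; break; }
        if (s->created < victim->created) victim = s;
    }
    memcpy(victim->id, id, DEMO_ID_LEN);
    victim->created = now;
    victim->used = 1;
    return 0;
}

/* 1 if the session may be resumed, 0 if unknown or expired, -1 on bad arguments. */
int demo_session_lookup(demo_state *st, const unsigned char *id, time_t now) {
    if (st == NULL || id == NULL) return -1;
    for (int i = 0; i < DEMO_CACHE_SLOTS; i++) {
        demo_session *s = &st->cache[i];
        if (!s->used || memcmp(s->id, id, DEMO_ID_LEN) != 0) continue;
        if (now - s->created < DEMO_SESSION_TTL) return 1;
        s->used = 0;  /* expired: free the slot so it can never be resumed */
    }
    return 0;
}
```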