interface

Tarun Upadhyaya mau94319 at cse.iitd.ernet.in
Sat Feb 26 09:09:59 CET 2000


>> GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);
>There is no need for SIZEOF_GNUTLS_STATE to be known to users of
>gnutls.  Better to initialize the state with an init function:

Actually no. The size of GNUTLS_STATE will vary during the session anyway.
However, an init function should be used anyway, as GNUTLS_STATE could be
initialized to different values based on the client's environment params,
preferences for this session etc. (Or will this be handled by the
gnutls_init later down with other initializations?)

> GNUTLS_STATE *state=malloc(SIZEOF_GNUTLS_STATE);
> 
> [in case we support session resuming:
> GNUTLS_SESSIONS *sessions=malloc(20*SIZEOF_SESSION);
> /* keep a buffer of the last 20 sessions. A single session should
>  * have a timestamp, so it will expire in a few hours
>  *
>  * in case of client:
> GNUTLS_SESSIONS *session=malloc(1*SIZEOF_SESSION);
> ]

I am not very experienced, but 20 sessions looks like overkill to me
in most cases. Can we replace that with a sorted list or something?
Also, why should the client keep only one session? I don't know, but are
there absolutely no circumstances when the client would like to revert to a
previously negotiated session?

> /* This file should have the certificate of the client/server */
> gnutls_set_certificate(state, "/home/nmav/certificate");
> /* or NULL in case of client */
> 
> /* This file should have the public keys of the trusted CAs */
> gnutls_set_certificate_authorities(state, "/home/nmav/cas");

We can add checking of the return status for both of the above.

Otherwise nice work, Nikos. Looks okay to me.

with warm regards
tarun
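
An added example, not part of the original message and not GnuTLS code: a fixed 20-slot resumption cache in which each entry carries a timestamp, an expired entry is erased when it is looked up, and a full cache overwrites its oldest entry. All names and the three-hour lifetime are assumptions made for illustration.

```c
#include <string.h>
#include <time.h>

/* All names are hypothetical; this is not the GnuTLS API. */
#define CACHE_SLOTS 20               /* "last 20 sessions" in the proposal */
#define SESSION_LIFETIME (3 * 3600)  /* assumed value for "a few hours" */
#define ID_MAX 32                    /* TLS session IDs are at most 32 bytes */

struct cached_session {
    unsigned char id[ID_MAX];
    size_t id_len;                   /* 0 marks a free slot */
    unsigned char master_secret[48];
    time_t created;
};
static struct cached_session cache[CACHE_SLOTS];

static int expired(const struct cached_session *s, time_t now)
{ return now - s->created >= SESSION_LIFETIME; }

/* Store a session in a free or expired slot, else over the oldest entry.
 * Assumes the server issues a fresh ID per session. Returns 0, or -1. */
int cache_store(const unsigned char *id, size_t id_len,
                const unsigned char *secret, time_t now)
{
    struct cached_session *victim = &cache[0];
    if (id_len == 0 || id_len > ID_MAX) return -1;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct cached_session *s = &cache[i];
        if (s->id_len == 0 || expired(s, now)) { victim = s; break; }
        if (s->created < victim->created) victim = s;
    }
    memset(victim, 0, sizeof *victim);  /* clear the evicted secret */
    memcpy(victim->id, id, id_len);
    victim->id_len = id_len;
    memcpy(victim->master_secret, secret, sizeof victim->master_secret);
    victim->created = now;
    return 0;
}

/* Return the live entry for this ID, or NULL. An expired hit is erased. */
const struct cached_session *cache_lookup(const unsigned char *id,
                                          size_t id_len, time_t now)
{
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct cached_session *s = &cache[i];
        if (!id_len || s->id_len != id_len || memcmp(s->id, id, id_len)) continue;
        if (expired(s, now)) { memset(s, 0, sizeof *s); return NULL; }
        return s;
    }
    return NULL;
}
```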


