[gnutls-help] [gnutls-devel] higher level session API?

Alfredo Pironti alfredo.pironti at inria.fr
Fri Jan 18 11:04:50 CET 2013


Hi,

One issue I see is what happens to the buffered data if a
(re)handshake takes place. Potentially, this changes the ciphersuite
and the peer's identity. Safe renegotiation ensures the next
ciphersuite and peer's identity have been negotiated with the previous
peer, but the application may not want to send the remaining buffered
data to the new peer with the new (potentially less secure)
ciphersuite.

Best,
Alfredo

On Thu, Jan 17, 2013 at 8:30 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> Hello,
>  I've been trying ways to simplify the gnutls_session_t by adding higher
> level functions. I plan to add functions that allow buffering data into a
> session prior to sending, to avoid sending many small TLS records (and
> avoid the whole overhead). Something like:
>
> ssize_t gnutls_sbuf_queue (gnutls_sbuf_t sb, const void *data,
>                            size_t data_size);
> ssize_t gnutls_sbuf_flush (gnutls_sbuf_t sb);
>
>
> However I'm wondering whether a full higher level API over
> gnutls_session_t is needed, that for example does not require to handle
> non-fatal errors (e.g. GNUTLS_E_AGAIN, or
> GNUTLS_E_WARNING_ALERT_RECEIVED). That would be the equivalent of FILE*
> for a TLS session. Any thoughts?
>
> regards,
> Nikos
>
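Added example (not GnuTLS code, and not the API Nikos proposes): a self-contained sketch of the queue/flush buffer with the check Alfredo's concern calls for. Every queued byte is tagged with the session's handshake epoch, and the flush refuses to send data that was queued before a later (re)handshake, leaving the application to discard or re-queue it. All names (`sbuf_t`, `fake_session_t`, `SBUF_E_REHANDSHAKE`) are hypothetical; the session is a stand-in that only counts completed handshakes.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define SBUF_CAP 4096
#define SBUF_E_REHANDSHAKE (-2)   /* hypothetical error code */

typedef struct {
    unsigned handshake_epoch;       /* bumped on every completed (re)handshake */
    unsigned char wire[SBUF_CAP];   /* stands in for the TLS record layer */
    size_t wire_len;
} fake_session_t;

typedef struct {
    unsigned char data[SBUF_CAP];
    size_t len;
    unsigned epoch_at_queue;        /* epoch when the first pending byte was queued */
} sbuf_t;

/* Simulated (re)handshake: ciphersuite/peer identity may now differ. */
void session_rehandshake(fake_session_t *s) { s->handshake_epoch++; }

/* Queue data for later sending; returns bytes queued or -1 if it does not fit. */
ssize_t sbuf_queue(sbuf_t *b, const fake_session_t *s, const void *data, size_t n) {
    if (b->len + n > SBUF_CAP) return -1;
    if (b->len == 0) b->epoch_at_queue = s->handshake_epoch;
    memcpy(b->data + b->len, data, n);
    b->len += n;
    return (ssize_t)n;
}

/* Flush pending data, unless a (re)handshake completed since it was queued. */
ssize_t sbuf_flush(sbuf_t *b, fake_session_t *s) {
    if (b->len == 0) return 0;
    if (b->epoch_at_queue != s->handshake_epoch) return SBUF_E_REHANDSHAKE;
    memcpy(s->wire, b->data, b->len);
    s->wire_len = b->len;
    ssize_t sent = (ssize_t)b->len;
    b->len = 0;
    return sent;
}

/* Application policy after SBUF_E_REHANDSHAKE: drop stale data; returns bytes dropped. */
size_t sbuf_discard(sbuf_t *b) { size_t n = b->len; b->len = 0; return n; }

/* Walks the scenario from the thread; returns 1 when every step behaves as described. */
int demo_rehandshake_scenario(void) {
    sbuf_t b = {0}; fake_session_t s = {0};
    if (sbuf_queue(&b, &s, "GET /", 5) != 5 || sbuf_flush(&b, &s) != 5) return 0;
    if (sbuf_queue(&b, &s, "abc", 3) != 3) return 0;
    session_rehandshake(&s);                         /* new ciphersuite/peer */
    if (sbuf_flush(&b, &s) != SBUF_E_REHANDSHAKE) return 0;
    return sbuf_discard(&b) == 3 && sbuf_flush(&b, &s) == 0 && s.wire_len == 5;
}
```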


