[gnutls-help] Truly non-blocking example of gnutls usage

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Apr 14 10:49:29 CEST 2016


On Sun, Apr 10, 2016 at 12:59 AM, Alex Bligh <alex at alex.org.uk> wrote:
> Nikos,
> On 8 Apr 2016, at 18:44, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>>>>
>>>> The simplest example is mini-eagain.c from the test suite which
>>>> verifies the asynchronous operation of gnutls_record_send and recv.
>>> Thanks - that was helpful. But it doesn't do a select loop
>>> as far as I can tell.
>>
>> No. A select loop will be complex and I don't know if one could have a
>> reasonable example. If you have one consider contributing it.
>
> I do now:
>   https://github.com/abligh/tlsproxy

Thank you. That seems quite a nice and concise example, although it is
not small enough (1-3 pages) to include in the manual. I've added a
reference instead and included it in gnutls as a submodule under
doc/examples/tlsproxy. Do you plan to keep/update that repository?

regards,
Nikos

PS. A few comments:
I would not use select() any more. It is hard to get right and under
glibc it causes stack overflow if any of the fds is over 1024.
You could further simplify the example by using
gnutls_certificate_verification_status_print() instead of checking
statuses manually (that would introduce a dependency on gnutls over
3.1.4, but it is future proof with regards to message reporting).

You seem to call gnutls_bye() unconditionally. It may be better to
send gnutls_alert_send_appropriate() on error condition, and
gnutls_bye() with _WR only, since you are not interested in properly
closing the channel at this point. RDWR is suitable for the cases that
you want to close the channel and re-use it (send unencrypted data).

regards,
Nikos
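
Added example, not part of the original message, tlsproxy or GnuTLS: the select() limit mentioned in the PS, shown with a readiness wait built on poll(), a replacement chosen here that the message does not itself name. The function names and the pipe scenario are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* fd_set is a fixed bitmap of FD_SETSIZE bits; FD_SET() past it is out of bounds. */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Returns 1 if a read on fd will not block, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do {
        r = poll(&p, 1, timeout_ms);  /* no bound on the fd's numeric value */
    } while (r < 0 && errno == EINTR);
    if (r <= 0) return r;
    return (p.revents & POLLNVAL) ? -1 : 1;  /* on POLLHUP/POLLERR, read() reports it */
}

/* Duplicate fd onto a number >= FD_SETSIZE, raising the soft RLIMIT_NOFILE; -1 if not allowed. */
int dup_above_select_limit(int fd)
{
    struct rlimit rl;
    rlim_t want = FD_SETSIZE + 16;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_max < want) return -1;
    if (rl.rlim_cur < want) {
        rl.rlim_cur = want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

/* Constructed scenario: returns wait_readable()'s result for a pipe with one byte pending. */
int demo(void)
{
    int pfd[2];
    if (pipe(pfd) != 0) return -1;
    int hi = dup_above_select_limit(pfd[0]);
    int fd = hi >= 0 ? hi : pfd[0];  /* fall back to the low descriptor */
    int ready = write(pfd[1], "x", 1) == 1 ? wait_readable(fd, 1000) : -1;
    if (hi >= 0) close(hi);
    close(pfd[0]);
    close(pfd[1]);
    return ready;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

A select()-based loop would have to reject any descriptor for which fd_fits_select() returns 0 before calling FD_SET(); the poll() version needs no such check.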


