[gnutls-help] Truly non-blocking example of gnutls usage
Alex Bligh
alex at alex.org.uk
Thu Apr 14 11:00:15 CEST 2016
Nikos,
On 14 Apr 2016, at 09:49, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>> I do now:
>> https://github.com/abligh/tlsproxy
>
> Thank you. That seems quite a nice and concise example,
Thanks.
> although it is
> not small enough (1-3 pages) to include in the manual. I've added a
> reference instead and included it in gnutls as a submodule under
> doc/examples/tlsproxy. Do you plan to keep/update that repository?
Yes I do, though hopefully it won't change too often.
I've submitted tlsproxy.c to nbd (network block device), so it
should have at least one user.
> PS. Few comments:
> I would not use select() any more. It is hard to get right and under
> glibc it causes stack overflow if any of the fds is over 1024.
I agree. But determining whether poll / ppoll etc. is available
is a pain, and in this instance there are only two FDs. I
can't remember how prevalent poll is (as opposed to ppoll);
perhaps I'll convert it to use poll().
> You could further simplify the example by using
> gnutls_certificate_verification_status_print() instead of checking
> statuses manually (that would introduce a dependency on gnutls over
> 3.1.4, but it is future proof with regards to message reporting).
Again I agree, but I wanted this to compile on LTS Ubuntu
(currently 14.04) which ships with 2.12.23-12ubuntu2.4 (unfortunately).
> You seem to call gnutls_bye() unconditionally. It may be better to
> send gnutls_alert_send_appropriate() on error condition, and
> gnutls_bye() with _WR only, since you are not interested in properly
> closing the channel at this point. RDWR is suitable for the cases that
> you want to close the channel and re-use it (send unencrypted data).
OK, I should probably look at that one, thanks.
--
Alex Bligh
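The select() point raised in the thread (glibc's fd_set is fixed at FD_SETSIZE, so an fd numbered 1024 or higher silently overruns it) is the one part of the discussion that can be shown stand-alone. The following is an added example, not code from tlsproxy or from the gnutls project: it waits on a descriptor with poll() instead of select(), retries on EINTR, and maps a gnutls-style direction value (0 = wants to read, 1 = wants to write, as gnutls_record_get_direction() reports after GNUTLS_E_AGAIN) to the matching poll event. The pipe used by demo_pipe_readiness() is a constructed stand-in for the TLS socket, so nothing here calls gnutls itself; the function names are assumptions for illustration.

```c
/* Added example: poll()-based readiness waiting as a replacement for select().
 * Not tlsproxy or gnutls code; pipe-based demo input is constructed for the test. */
#include <errno.h>
#include <poll.h>
#include <unistd.h>

/* Map a gnutls-style record direction (0 = read, 1 = write, the values
 * gnutls_record_get_direction() returns) to the poll() event to wait for. */
short tls_direction_to_events(int direction) {
    return direction ? POLLOUT : POLLIN;
}

/* Wait up to timeout_ms for fd to become ready for `events`.
 * Returns 1 if ready, 0 on timeout, -1 on error (errno set).
 * Unlike select(), poll() has no FD_SETSIZE limit, so large fd numbers are safe. */
int wait_fd_ready(int fd, short events, int timeout_ms) {
    struct pollfd pfd;
    pfd.fd = fd;
    pfd.events = events;
    pfd.revents = 0;
    for (;;) {
        int rc = poll(&pfd, 1, timeout_ms);
        if (rc < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry the wait */
            return -1;                  /* genuine poll() failure */
        }
        if (rc == 0)
            return 0;                   /* timed out, nothing ready */
        if (pfd.revents & (POLLERR | POLLNVAL)) {
            errno = EIO;                /* descriptor is broken or not open */
            return -1;
        }
        return 1;                       /* readable/writable (POLLHUP also counts: read gives EOF) */
    }
}

/* Demo helper (hypothetical): create a pipe, optionally write one byte into it,
 * then ask whether the read end is ready for a "read" direction.
 * Returns the wait_fd_ready() result: 1 when data is pending, 0 when the pipe is empty. */
int demo_pipe_readiness(int write_first) {
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    if (write_first && write(fds[1], "x", 1) != 1)
        return -1;
    int rc = wait_fd_ready(fds[0], tls_direction_to_events(0), 100);
    close(fds[0]);
    close(fds[1]);
    return rc;
}

/* Demo helper (hypothetical): the write end of a fresh pipe is writable at once,
 * i.e. a "write" direction resolves immediately. */
int demo_pipe_writable(void) {
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    int rc = wait_fd_ready(fds[1], tls_direction_to_events(1), 100);
    close(fds[0]);
    close(fds[1]);
    return rc;
}
```

In a real non-blocking loop the pattern is: call the gnutls record or handshake function, and when it returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, feed the session's transport fd and gnutls_record_get_direction() through wait_fd_ready() before retrying; the same loop can then switch to ppoll() where a signal mask matters, without changing the event mapping.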