Monoculture
Ben Laurie
ben at algroup.co.uk
Sat Oct 4 09:10:51 EDT 2003
Victor.Duchovni at morganstanley.com wrote:
> On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
>
>
>>1) Creates a socket-like connection object
>>
>>2) Allows configuration of the expected identity of the party at the other
>> end, and, optionally, parameters like acceptable cipher suite
>>
>>3) Connects, returning error if the identity doesn't match. It's
>> probably a good idea to require the application to explicitly
>> do another function call validating the connection if it decides to
>> continue despite an identity mismatch; this will avoid a common,
>> and dangerous, programmer errog.
>>
>>4) Provides select/read operations thereafter.
>>
>
>
> Speaking as a Postfix developer, it would be very useful to have a
> non-blocking interface that maintained an event bitmask and
> readable/writable callbacks for the communications channel, allowing a
> single-threaded application to get other work done while a TLS negotiation
> is in progress, or to gracefully time out the TLS negotiation if progress
> is too slow. This means that the caller should be able to tear down the
> state of a partially completed connection at any time without memory leaks
> or other problems.
Again, you can do this with OpenSSL.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list