Monoculture

[Ben Laurie]

Victor.Duchovni at morganstanley.com wrote:

> On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
> 
> 
>>1) Creates a socket-like connection object
>>
>>2) Allows configuration of the expected identity of the party at the other
>>   end, and, optionally, parameters like acceptable cipher suite
>>
>>3) Connects, returning error if the identity doesn't match.  It's
>>   probably a good idea to require the application to explicitly
>>   do another function call validating the connection if it decides to
>>   continue despite an identity mismatch; this will avoid a common,
>>   and dangerous, programmer errog.
>>
>>4) Provides select/read operations thereafter.
>>
> 
> 
> Speaking as a Postfix developer, it would be very useful to have a
> non-blocking interface that maintained an event bitmask and
> readable/writable callbacks for the communications channel, allowing a
> single-threaded application to get other work done while a TLS negotiation
> is in progress, or to gracefully time out the TLS negotiation if progress
> is too slow. This means that the caller should be able to tear down the
> state of a partially completed connection at any time without memory leaks
> or other problems.

Again, you can do this with OpenSSL.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com