Re: [gnet-dev] [PATCH]



Oops.

-----Forwarded Message-----

From: Szalai Ferenc <szferi angel elte hu>
To: David A. Helder <dhelder gizmolabs org>, gnet-devel gnetlibrary org
Subject: Re: [gnet-dev] [PATCH] SSL
Date: 01 Sep 2003 08:17:36 +0200

Hello,

My notes:

1. In the last version of the patch (which is on the web) I introduced a
default context because I would like to hide the session from the application
developer, and it was a big help when I implemented the async communication
function. This was my main problem: How can I pass the appropriate
context and session structures for given async functions?

2. The main idea why the context and the session were separated was the
session caching mechanism in SSL. In this case the OpenSSL session can
be reused for performance reasons. I think if we want to use the feature,
the GNetSSLContext and GNetSSLSession should be separate as well. So
actually I don't know how we can do this with one GSSLOptions structure,
but I think it is probably possible. (I'm thinking ... :)

3. I think my patch was a first step and a lot of modifications are
required because there is a lot of code duplication in it.
 
>   GSSLOptions*
>   gnet_ssl_options_new ()
>                   _use_key (key file)
> 		  _use_certificate_file (certificate file)
> 		...
> 	I don't know OpenSSL very well, so I don't know what API
> 	makes sense here.  The point is the arguments to the constructor
> 	should be mandatory (assert != NULL).  Then call set_XXX for
> 	optional things.  (Or, have a _new(mandatory arguments) and
> 	_new_full(mandatory + optional arguments) if that makes more
> 	sense.)
In a very special case there isn't a mandatory argument, because if you do not
specify any of them you may get a default or non-secure context.

>   GIOChannel*
>   gnet_ssl_io_channel_new_connect (GIOChannel* iochannel, 
> 				   GSSLOptions* options);
>     (calls SSL_connect, creates IOChannel from old IOChannel)
> 
>   GIOChannel*
>   gnet_ssl_io_channel_new_accept (GIOChannel* iochannel, 
>   				  GSSLOptions* options);
>     (calls SSL_accept, ...)
I think it is a good idea.

> GTCPSocket does not need to know about SSL.  We could add SSL
> constructors that would call gnet_ssl_io_channel_new_XXX() and set the
> IOChannel appropriately.  Currently tcp_socket_get_io_channel() would
> return the raw iochannel, not the SSL iochannel.  I don't think this is
> a necessary feature.
It is true, but get_io_channel works well because the tcp_ssl
functions set the channel correctly in the initialization state (see my
comment in the code).

Regards,
Ferenc


-- 
David Helder - dhelder gizmolabs org - http://www.gizmolabs.org/~dhelder



