comments on gio TLS (SSL) APIs wanted



Hey, there is code on the "tls" branch of glib (and glib-networking) for
implementing TLS (aka SSL) connections now. I would like to get this
into glib before the next release, which will presumably be shortly
before the next GNOME 2.91 release, on November 29 (and then I'd like to
NOT have API breaks once a week after that :-). So this is a call for
people to look at the APIs at least (if not actually the code) and say
"this is not totally insane" and "why yes, I could use that in my
application".

The patches are broken up into three pieces:

  - https://bugzilla.gnome.org/show_bug.cgi?id=634239 - Child GSources

    This is mostly in gmain.c, and adds support for attaching one
    GSource to another, which I originally needed to have to be able to
    sanely handle the TLS I/O flip-flopping during handshaking, but it
    turns out there are some other neat use cases too, like attaching a
    GTimeoutSource to an arbitrary other source.

  - https://bugzilla.gnome.org/show_bug.cgi?id=634241 - Pollable streams

    This adds GPollableIOStream, GPollableInputStream, and
    GPollableOutputStream, for streams that are capable of doing poll()/
    EAGAIN type non-blocking IO. This is needed because gnutls (and
    NSS and OpenSSL) expects the layer underneath it to behave like
    a socket, but there are situations where it's nice to be able
    to construct a TLS stream out of something other than a
    GSocketConnection.

  - https://bugzilla.gnome.org/show_bug.cgi?id=588189 - TLS

    There's a lot of old discussion in this bug, but the end result is
    that for the most part we add 3 new types: GTlsCertificate,
    GTlsClientConnection, and GTlsServerConnection.

    There are some notes in
    http://git.gnome.org/browse/glib/tree/gio/TLS-NOTES.txt?h=tls
    about what's not yet done or might need to change. In particular,
    the way the constructors work sucks for bindings, and I need to
    do something better.

There are gtk docs of the branch at
http://people.gnome.org/~danw/tls-docs/, and each of the 3 bugs above
has links to the specific classes/methods it adds in those docs.

Discussion should happen mostly in bugzilla I guess? Thanks in advance...

-- Dan
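
The poll()/EAGAIN contract that the pollable-streams item describes, shown over a pipe rather than a socket. This is an added example, not part of the original message and not code from the glib "tls" branch. The names `pollable_t`, `pollable_init`, `pollable_is_readable`, `pollable_read_nonblocking`, `WOULD_BLOCK` and `IO_ERROR` are hypothetical and only mirror the idea of a readiness check plus a read that never blocks.

```c
/* Hypothetical names, not GLib API; a pipe stands in for a non-socket transport. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>

#define WOULD_BLOCK (-2)   /* nothing available now: poll, then retry */
#define IO_ERROR    (-1)
typedef struct { int fd; } pollable_t;

/* Switch the descriptor to non-blocking mode so read() reports EAGAIN. */
static int pollable_init(pollable_t *p, int fd) {
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) return IO_ERROR;
    p->fd = fd;
    return 0;
}

/* Readiness probe: zero-timeout poll(), true on data or hang-up (EOF). */
static int pollable_is_readable(const pollable_t *p) {
    struct pollfd pfd = { .fd = p->fd, .events = POLLIN };
    return poll(&pfd, 1, 0) > 0 && (pfd.revents & (POLLIN | POLLHUP)) != 0;
}

/* Never blocks: returns bytes read, 0 on EOF, WOULD_BLOCK or IO_ERROR. */
static long pollable_read_nonblocking(pollable_t *p, void *buf, size_t n) {
    ssize_t r;
    do { r = read(p->fd, buf, n); } while (r < 0 && errno == EINTR);
    if (r >= 0) return (long)r;
    return errno == EAGAIN ? WOULD_BLOCK : IO_ERROR;
}

/* Constructed scenario: empty pipe, data arrives, drained, writer closes.
 * Returns 0 when every step follows the contract, else the failing step. */
static int demo(void) {
    int fds[2]; char buf[16]; pollable_t in;
    if (pipe(fds) < 0 || pollable_init(&in, fds[0]) < 0) return 1;
    if (pollable_is_readable(&in)) return 2;
    if (pollable_read_nonblocking(&in, buf, sizeof buf) != WOULD_BLOCK) return 3;
    if (write(fds[1], "hello", 5) != 5) return 4;
    if (!pollable_is_readable(&in)) return 5;
    if (pollable_read_nonblocking(&in, buf, sizeof buf) != 5 || memcmp(buf, "hello", 5)) return 6;
    if (pollable_read_nonblocking(&in, buf, sizeof buf) != WOULD_BLOCK) return 7;
    close(fds[1]);                       /* writer gone: the next read is EOF */
    if (pollable_read_nonblocking(&in, buf, sizeof buf) != 0) return 8;
    close(fds[0]);
    return 0;
}

int main(void) { return demo(); }
```

A TLS layer stacked on such a stream can treat `WOULD_BLOCK` exactly as it would treat EAGAIN from a socket: return to the main loop and retry when the readiness check succeeds.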

