[14501] in cryptography@c2.net mail archive


Re: Monoculture

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Oct 4 14:56:10 2003

X-Original-To: cryptography@metzdowd.com
Date: Sat, 04 Oct 2003 14:10:51 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <Pine.GSO.4.58.200310021711440.9026@sasas1.ms.com>

Victor.Duchovni@morganstanley.com wrote:

> On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
> 
> 
>>1) Creates a socket-like connection object
>>
>>2) Allows configuration of the expected identity of the party at the other
>>   end, and, optionally, parameters like acceptable cipher suite
>>
>>3) Connects, returning error if the identity doesn't match.  It's
>>   probably a good idea to require the application to explicitly
>>   do another function call validating the connection if it decides to
>>   continue despite an identity mismatch; this will avoid a common,
>>   and dangerous, programmer error.
>>
>>4) Provides select/read operations thereafter.
>>
> 
> 
> Speaking as a Postfix developer, it would be very useful to have a
> non-blocking interface that maintained an event bitmask and
> readable/writable callbacks for the communications channel, allowing a
> single-threaded application to get other work done while a TLS negotiation
> is in progress, or to gracefully time out the TLS negotiation if progress
> is too slow. This means that the caller should be able to tear down the
> state of a partially completed connection at any time without memory leaks
> or other problems.

Again, you can do this with OpenSSL.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
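
Added example, not part of the original messages and not Postfix or OpenSSL project code: a sketch in Python, whose `ssl` module wraps OpenSSL, of the non-blocking handshake discussed in this thread, with a deadline, a callback so a single-threaded caller can do other work, an error return on identity mismatch, and teardown of a half-finished connection. The names `handshake_with_deadline` and `on_idle` and the hostname `mail.example.test` are assumptions made for illustration.

```python
import select
import socket
import ssl
import time


def handshake_with_deadline(sock, ctx, hostname, timeout, on_idle=None):
    """Drive a TLS client handshake without blocking the caller.

    Returns (tls_socket, None) on success, or (None, reason) after closing
    the partially negotiated connection.
    """
    sock.setblocking(False)
    tls = ctx.wrap_socket(sock, server_hostname=hostname,
                          do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    try:
        while True:
            try:
                tls.do_handshake()  # certificate and hostname are checked here
                return tls, None
            except ssl.SSLWantReadError:
                rd, wr = [tls], []  # OpenSSL needs more bytes from the peer
            except ssl.SSLWantWriteError:
                rd, wr = [], [tls]  # OpenSSL needs room to send
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                tls.close()  # tear down the half-finished connection
                return None, "timeout"
            ready_r, ready_w, _ = select.select(rd, wr, [], min(remaining, 0.05))
            if not (ready_r or ready_w) and on_idle:
                on_idle()  # the caller gets other work done here
    except ssl.SSLCertVerificationError:
        tls.close()
        return None, "identity-mismatch"
    except (ssl.SSLError, OSError):
        tls.close()
        return None, "tls-error"


if __name__ == "__main__":
    # Constructed peer: one end of a socket pair that never answers.
    client, silent_peer = socket.socketpair()
    ticks = []
    result = handshake_with_deadline(client, ssl.create_default_context(),
                                     "mail.example.test", 0.3,
                                     lambda: ticks.append(1))
    print(result, len(ticks), "idle ticks")
```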
