
Re: [gnutls-dev] sign callback for certificate authentication


From: Ludovic Courtès
Subject: Re: [gnutls-dev] sign callback for certificate authentication
Date: Mon, 16 Apr 2007 16:14:41 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Simon Josefsson <address@hidden> writes:

> void
> gnutls_session_set_appdata (gnutls_session_t session, void *p);
> void *
> gnutls_session_get_appdata (gnutls_session_t session);

`gnutls_session_set_ptr ()' is session-global, making it inconvenient,
at best.  For instance, one call-back may need a specific type of
information, while another needs something completely different.  In
some cases, it might be possible to devise a big structure that
encompasses all these needs and pass this to `gnutls_session_set_ptr ()'.
Call-backs would then `get_ptr ()' and extract the relevant
information.

However, that leads to complex code where all call-backs have to be
aware of each other.  Or there must be an indirection hiding that.
Overall, it may prove inconvenient.

> Perhaps more than one such pointer is necessary, and if so, how about:
>
> void
> gnutls_session_set_appdata (gnutls_session_t session, void *p, size_t n);
> void *
> gnutls_session_get_appdata (gnutls_session_t session, size_t n);
>
> What do you think?
>
> The advantage with this approach is that it should be possible to use
> in existing callbacks, and consistency between various callbacks is
> good.

Yes, this approach is nicer, and avoiding breaking the API/ABI is always
cool.  ;-)

I'd suggest something like this:

  /* Attributes.  In practice, they could be indices into a `void *'
     array.  */
  typedef void *gnutls_object_attribute_t;

  /* Return a new attribute for SESSION.  */
  extern gnutls_object_attribute_t
  gnutls_session_allocate_attribute (gnutls_session_t SESSION);

  /* Store P as attribute ATTR of SESSION.  */
  extern int
  gnutls_session_set_attribute (gnutls_session_t session,
                                gnutls_object_attribute_t attr,
                                void *p);

  /* Retrieve in P the value of attribute ATTR of SESSION.  */
  extern int
  gnutls_session_get_attribute (gnutls_session_t session,
                                gnutls_object_attribute_t attr,
                                void **p);
  

The issue is that, for instance, the proposed sign call-back is attached
to a certificate, not a session.  Thus, a similar API would need to be
provided for `gnutls_certificate_t' as well, and potentially for all
other types where call-backs may be used (maybe there aren't so many of
them, though).

(If we were to start from scratch, I'd prefer the classic approach
outlined in my previous message.)

Thanks,
Ludovic.
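
The per-object attribute scheme proposed in the message above, as an added stand-alone sketch (not GnuTLS code and not part of the original message). The `demo_*` names, the fixed-size slot table and the sample values are assumptions made for illustration; keys are bounds-checked so that an unallocated key is refused rather than read.

```c
#include <stddef.h>

#define DEMO_MAX_ATTRS 8
/* Hypothetical stand-in for a session object; not a GnuTLS type. */
typedef struct { void *slots[DEMO_MAX_ATTRS]; size_t used; } demo_session_t;
typedef size_t demo_attribute_t;          /* index into slots[] */

/* Reserve a fresh slot: 0 on success, -1 when the table is full. */
int demo_allocate_attribute(demo_session_t *s, demo_attribute_t *attr)
{
    if (s == NULL || attr == NULL || s->used >= DEMO_MAX_ATTRS) return -1;
    *attr = s->used++;
    s->slots[*attr] = NULL;
    return 0;
}

/* Store P under ATTR; keys that were never allocated are rejected. */
int demo_set_attribute(demo_session_t *s, demo_attribute_t attr, void *p)
{
    if (s == NULL || attr >= s->used) return -1;
    s->slots[attr] = p;
    return 0;
}

/* Retrieve in P the value stored under ATTR. */
int demo_get_attribute(const demo_session_t *s, demo_attribute_t attr, void **p)
{
    if (s == NULL || p == NULL || attr >= s->used) return -1;
    *p = s->slots[attr];
    return 0;
}

/* Constructed scenario: two call-back owners each allocate a private key and
   store unrelated data.  Returns 0 if each reads back its own pointer and a
   key that was never allocated is refused. */
int demo_two_callbacks(void)
{
    demo_session_t s = { {0}, 0 };
    demo_attribute_t sign_key, log_key;
    int token_slot = 3;                   /* sign call-back's private state */
    char prefix[] = "tls: ";              /* logging call-back's private state */
    void *got_sign, *got_log, *junk;

    if (demo_allocate_attribute(&s, &sign_key) || demo_allocate_attribute(&s, &log_key))
        return -1;
    if (demo_set_attribute(&s, sign_key, &token_slot)) return -2;
    if (demo_set_attribute(&s, log_key, prefix)) return -3;
    if (demo_get_attribute(&s, sign_key, &got_sign) || got_sign != &token_slot) return -4;
    if (demo_get_attribute(&s, log_key, &got_log) || got_log != prefix) return -5;
    return demo_get_attribute(&s, 7, &junk) == -1 ? 0 : -6;
}
```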



