On 10/31/2012 02:46 PM, Martin Storsjo wrote:
The code is heavily modelled on the server_name extension
implementation.
Hello,
Thank you for the patch. After the negotiation though, how does the
SRTP layer get the keys? Or would a later patch make gnutls output SRTP?
Open questions:
- Would it be necessary to add an accessor function for querying
the offered profiles that have been set?
- The profile name strings match the ones used in OpenSSL, but
compared with the RFC, they lack a "HMAC_" before "SHA1". Is
this ok?
I don't know. How do you expect users to get those names? If they get them
from the RFC then being identical to it would help. Otherwise you may
just add a small section in the gnutls manual with the available options.
- Is it ok to have both the setter and getter functions use strings?
The corresponding APIs in OpenSSL set the profiles based on a string,
but expose the selected profile via a struct.
see below.
+int
+gnutls_srtp_get_selected_profile (gnutls_session_t session, char *profile,
+ size_t *profile_length)
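Review bot: The `char *profile` / `size_t *profile_length` pair in this signature has no visible contract: the quoted lines do not say whether `*profile_length` is read as the buffer capacity on entry, whether the result is NUL-terminated, or what is returned when the buffer is too small or when no profile was negotiated. Document those cases in the function's doc comment, and have the too-small case return an error with the required size written back rather than truncate, so a caller never acts on a partial profile name.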
I think it would be easier for a user of this function to have profiles
in an enumeration and this function to return a member of this enumeration.
That may need though a function such as
const char* gnutls_srtp_get_profile_name(gnutls_srtp_profile_t)
to return a printable name.
+/**
+ * gnutls_srtp_set_profiles:
+ * @session: is a #gnutls_session_t structure.
+ * @profiles: is a string that contains the supported SRTP profiles,
+ * separated by colons.
+ *
+ * This function is to be used by both clients and servers, to declare
+ * what SRTP profiles they support, to negotiate with the peer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * otherwise a negative error code is returned.
+ **/
+int
+gnutls_srtp_set_profiles (gnutls_session_t session,
+ const char *profiles)
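Review bot: The doc comment for `@profiles` does not say what happens when one name in the colon-separated list is not recognised, nor which names are accepted. State whether the call fails as a whole or skips the unknown entry; failing is the safer choice, since silently skipping leaves the session offering a different set than the caller asked for. The comment should also say whether list order expresses preference and whether a second call replaces the earlier list.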
I see that here a string helps because multiple profiles can be
specified. However an interface similar to gnutls_priority_set_direct()
would better suit human-provided strings since it would allow pointing
out the typo.
e.g.
gnutls_srtp_set_profiles (gnutls_session_t session,
const char *profiles, char** err_pos)
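
The two suggestions in the reply above (an enumeration with a name accessor, and an `err_pos` output that points at a typo) sketched as an added example; it is not part of the original message or of GnuTLS. All `ex_`/`EX_` names are hypothetical, the profile strings are the OpenSSL-style names the thread refers to, and the input in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical enum; the values are the RFC 5764 profile identifiers. */
typedef enum {
    EX_SRTP_AES128_CM_SHA1_80 = 0x0001,
    EX_SRTP_AES128_CM_SHA1_32 = 0x0002
} ex_srtp_profile_t;

#define EX_E_INVALID (-1)   /* stand-in for a negative error code */
#define EX_MAX_PROFILES 4

static const struct { const char *name; ex_srtp_profile_t id; } ex_table[] = {
    { "SRTP_AES128_CM_SHA1_80", EX_SRTP_AES128_CM_SHA1_80 },
    { "SRTP_AES128_CM_SHA1_32", EX_SRTP_AES128_CM_SHA1_32 }
};
#define EX_KNOWN (sizeof ex_table / sizeof ex_table[0])

/* Printable name for a profile, or NULL if the value is not known. */
const char *ex_srtp_get_profile_name(ex_srtp_profile_t id) {
    for (size_t i = 0; i < EX_KNOWN; i++)
        if (ex_table[i].id == id) return ex_table[i].name;
    return NULL;
}

/* Parse a colon-separated list into out[]. Returns the number of profiles,
 * or EX_E_INVALID with *err_pos at the first token that is unknown, empty,
 * or does not fit in out[]; nothing is silently skipped. */
int ex_srtp_parse_profiles(const char *profiles, ex_srtp_profile_t *out,
                           size_t max, const char **err_pos) {
    const char *p = profiles;
    size_t n = 0;
    *err_pos = NULL;
    for (;;) {
        size_t len = strcspn(p, ":"), i;
        for (i = 0; i < EX_KNOWN; i++)
            if (strlen(ex_table[i].name) == len && !memcmp(ex_table[i].name, p, len))
                break;
        if (i == EX_KNOWN || n == max) { *err_pos = p; return EX_E_INVALID; }
        out[n++] = ex_table[i].id;
        if (p[len] == '\0') return (int)n;
        p += len + 1;
    }
}

int main(void) {
    ex_srtp_profile_t out[EX_MAX_PROFILES];
    const char *err, *s = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32"; /* constructed */
    if (ex_srtp_parse_profiles(s, out, EX_MAX_PROFILES, &err) < 0)
        printf("unknown profile at offset %d: %s\n", (int)(err - s), err);
    return 0;
}
```

The constructed input uses the RFC spelling (with `HMAC_`) for the second profile, so the parser rejects the list and `err_pos` lands on that token instead of the session quietly offering only the first profile.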