Bug 26507

Summary: Add new methods to the GNUTls implementation of Wocky
Product: Wocky
Reporter: Cosimo Cecchi <cosimoc>
Component: General
Assignee: Sjoerd Simons <sjoerd>
Status: NEW
QA Contact:
Severity: normal
Priority: medium
Version: git master
Hardware: Other
OS: All
Whiteboard:

Description Cosimo Cecchi 2010-02-10 02:31:37 UTC
Branch at [1] adds two new method pairs (as in server/client session).

- the first pair is an API that makes it possible for the server to require the client certificate during the TLS handshake (and for the client to provide it). This is useful e.g. in XTLS, when the client and server need mutual authentication.

- the second pair is an API that enables an SRP-based handshake instead of an X.509-based one. The way it works is not mutually exclusive, i.e. you can set the server session to accept both SRP and X.509 and the client to provide both, in case the server asks for one or the other.

Caveats:

- this is only implemented in the GNUTls backend
- the first part could also be implemented for OpenSSL
- the SRP part can't be implemented there ATM, as SRP has still not been merged into OpenSSL proper (see [2]).

Open questions:

- the APIs that can fail (e.g. when you import certificates) could use a GError? Probably in that case other APIs there such as wocky_tls_add_ca() should be updated to use GErrors for consistency (comments welcome here).
- should I implement the first part in OpenSSL as well?

[1] http://git.collabora.co.uk/?p=user/cosimoc/wocky.git;a=shortlog;h=refs/heads/tls-additions
[2] http://rt.openssl.org/Ticket/Display.html?id=1794&user=guest&pass=guest
