Bug 26507 - Add new methods to the GNUTls implementation of Wocky
Summary: Add new methods to the GNUTls implementation of Wocky
Status: NEW
Alias: None
Product: Wocky
Classification: Unclassified
Component: General
Version: git master
Hardware: Other All
Importance: medium normal
Assignee: Sjoerd Simons
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-10 02:31 UTC by Cosimo Cecchi
Modified: 2010-02-10 02:31 UTC (History)

Description Cosimo Cecchi 2010-02-10 02:31:37 UTC
Branch at [1] adds two new method pairs (as in server/client session).

- the first pair is an API that makes it possible for the server to require the client certificate during the TLS handshake (and for the client to provide it). This is useful e.g. in XTLS, when the client and server need mutual authentication.

- the second pair is an API that enables an SRP-based handshake instead of an X.509-based one. The way it works is not mutually exclusive, i.e. you can set the server session to accept both SRP and X.509 and the client to provide both, in case the server asks for one or the other.

Caveats:

- this is only implemented in the GNUTls backend
- the first part could also be implemented for OpenSSL
- the SRP part can't be implemented there ATM, as SRP has still not been merged into OpenSSL proper (see [2]).

Open questions:

- the APIs that can fail (e.g. when you import certificates) could use a GError? Probably in that case other APIs there such as wocky_tls_add_ca() should be updated to use GErrors for consistency (comments welcome here).
- should I implement the first part in OpenSSL as well?

[1] http://git.collabora.co.uk/?p=user/cosimoc/wocky.git;a=shortlog;h=refs/heads/tls-additions
[2] http://rt.openssl.org/Ticket/Display.html?id=1794&user=guest&pass=guest

