On 30.4.2004, at 23:19, Jaldhar H. Vyas wrote:
Looks like its read/write/handshake functions were changed (fixed?) to work very much like OpenSSL's, i.e. read/write can return that handshake renegotiation is needed, and read can fail because it needs to write and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted to gnutls version and the function calls changed.
Any volunteers? :)
Well here is an attempt. I asked around and gnutls10 is supposed to be basically compatible with gnutls7, they've just changed some API names and prototypes.
I haven't really been able to test this much but fwiw, it compiles cleanly and doesn't make dovecot crash (at least so far :-)
It still doesn't check gnutls_record_recv/send return values, so if the record can't be fully read/written the connection might get stuck. The current code only tries to re-read if gnutls_record_recv fails, but it might need to re-send or re-handshake instead, which it doesn't attempt; the same for gnutls_record_send.
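The return-value handling discussed in this thread, as an added sketch that is not Dovecot's ssl-proxy code and not from either poster: it shows a send loop that survives partial writes and tells the caller whether to wait for read, wait for write, or re-handshake. `send_fn`, `classify`, `send_all` and `scripted_send` are hypothetical names, the transport is a constructed mock standing in for gnutls_record_send(), and the error values are copied from `<gnutls/gnutls.h>` so it builds without the library.

```c
#include <stddef.h>

/* Values copied from <gnutls/gnutls.h> so the example builds without it. */
enum { E_AGAIN = -28, E_REHANDSHAKE = -37, E_INTERRUPTED = -52 };
enum io_step { IO_DONE, IO_WANT_READ, IO_WANT_WRITE, IO_HANDSHAKE, IO_FAILED };

/* Hypothetical stand-in for gnutls_record_send(): bytes written or a negative
 * code; *dir plays gnutls_record_get_direction() (0 = read, 1 = write). */
typedef long (*send_fn)(void *ctx, const unsigned char *p, size_t n, int *dir);

/* Decide the next action; any other code is treated as fatal here. */
enum io_step classify(long ret, int dir)
{
    if (ret == E_AGAIN || ret == E_INTERRUPTED)
        return dir ? IO_WANT_WRITE : IO_WANT_READ;
    if (ret == E_REHANDSHAKE)
        return IO_HANDSHAKE;
    return IO_FAILED;
}

/* Send buf[*off..len). *off survives across calls, so after the fd is ready
 * again the caller resumes at the unsent byte instead of getting stuck. */
enum io_step send_all(send_fn fn, void *ctx, const unsigned char *buf,
                      size_t len, size_t *off)
{
    while (*off < len) {
        int dir = 0;
        long ret = fn(ctx, buf + *off, len - *off, &dir);
        if (ret <= 0)
            return classify(ret, dir);
        *off += (size_t)ret;
    }
    return IO_DONE;
}

/* Constructed mock transport: replays scripted return values. */
struct script { const long *rets; const int *dirs; size_t pos; };

long scripted_send(void *ctx, const unsigned char *p, size_t n, int *dir)
{
    struct script *s = ctx;
    (void)p; (void)n;
    *dir = s->dirs[s->pos];
    return s->rets[s->pos++];
}
```

In a real proxy the `IO_WANT_READ`/`IO_WANT_WRITE` result selects which I/O event to wait for before calling `send_all` again with the same buffer and offset; the receive side needs the same classification, with a return of 0 meaning end of stream.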