[Dovecot] Re: 1.0-test1 released

Timo Sirainen tss at iki.fi
Fri Apr 30 23:32:35 EEST 2004


On 30.4.2004, at 23:19, Jaldhar H. Vyas wrote:

>> Looks like its read/write/handshake functions were changed (fixed?) to
>> work very much like OpenSSL's, i.e. read/write can return that handshake
>> renegotiation is needed, and read can fail because it needs to write
>> and vice versa. The ssl-proxy-openssl.c code should just be copy&pasted
>> to gnutls version and the function calls changed.
>>
>> Any volunteers? :)
>>
>
> Well here is an attempt.  I asked around and gnutls10 is supposed to be
> basically compatible with gnutls7, they've just changed some API names and
> prototypes.
>
> I haven't really been able to test this much but fwiw, it compiles cleanly
> and doesn't make dovecot crash (at least so far :-)

It still doesn't check gnutls_record_recv/send return values, so if the 
record can't be fully read/written the connection might get stuck.. The 
current code only tries to re-read if gnutls_record_recv fails, but it 
might need to re-send or re-handshake instead which it doesn't attempt, 
the same for gnutls_record_send..
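
The return-value handling described in the message above, as an added example that is not from the original post or from Dovecot's source: it classifies each record send/recv result and resumes short writes. The `E_*` constants mirror `GNUTLS_E_AGAIN`, `GNUTLS_E_REHANDSHAKE` and `GNUTLS_E_INTERRUPTED` from gnutls.h; `tls_ops`, the mock transport and all function names are hypothetical, and the scripted return values are constructed.

```c
#include <stddef.h>

/* Error codes as in gnutls.h, copied so this builds without GnuTLS. */
enum { E_AGAIN = -28, E_REHANDSHAKE = -37, E_INTERRUPTED = -52 };
enum next_step { STEP_DONE, STEP_RETRY, STEP_WAIT_READ, STEP_WAIT_WRITE,
                 STEP_HANDSHAKE, STEP_CLOSE };
/* Hypothetical stand-ins for gnutls_record_send() and
   gnutls_record_get_direction() (0 = blocked reading, 1 = blocked writing). */
struct tls_ops {
    long (*send)(void *ctx, const unsigned char *buf, size_t len);
    int (*direction)(void *ctx);
    void *ctx;
};

/* Map one record recv/send return value to the proxy's next action. */
enum next_step classify(long ret, int direction)
{
    if (ret > 0) return STEP_DONE;
    if (ret == E_INTERRUPTED) return STEP_RETRY;
    if (ret == E_AGAIN) return direction ? STEP_WAIT_WRITE : STEP_WAIT_READ;
    if (ret == E_REHANDSHAKE) return STEP_HANDSHAKE;
    return STEP_CLOSE;  /* 0 (peer closed) or any other error */
}

/* Send buf, resuming at *sent; STEP_DONE only once every byte is written. */
enum next_step send_all(const struct tls_ops *ops, const unsigned char *buf,
                        size_t len, size_t *sent)
{
    while (*sent < len) {
        long ret = ops->send(ops->ctx, buf + *sent, len - *sent);
        enum next_step step = classify(ret, ret < 0 ? ops->direction(ops->ctx) : 0);
        if (step == STEP_DONE) *sent += (size_t)ret;  /* short write: loop */
        else if (step != STEP_RETRY) return step;     /* wait, handshake or close */
    }
    return STEP_DONE;
}

/* Constructed mock: replays scripted return values, always "blocked writing". */
struct script { const long *rets; size_t n, pos; };
static long mock_send(void *c, const unsigned char *b, size_t len)
{ struct script *s = c; (void)b; (void)len; return s->pos < s->n ? s->rets[s->pos++] : -1; }
static int mock_dir(void *c) { (void)c; return 1; }

size_t demo_sent;  /* bytes accepted before the demo run stopped */
enum next_step demo(void)  /* 10-byte message: 4 sent, interrupted, then blocks */
{
    static const long rets[] = { 4, E_INTERRUPTED, E_AGAIN };
    static const unsigned char msg[10] = { 0 };
    struct script s = { rets, 3, 0 };
    struct tls_ops ops = { mock_send, mock_dir, &s };
    demo_sent = 0;
    return send_all(&ops, msg, sizeof msg, &demo_sent);
}
int main(void) { return demo() == STEP_WAIT_WRITE ? 0 : 1; }
```

The caller keeps `*sent` across calls, so after waiting for the socket it resumes with the same remaining bytes rather than leaving the connection stuck.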