Nikos Mavroyanopoulos nmav at
Fri Feb 25 09:30:33 CET 2000

What do you think on this api? I think it is high level enough.


[in case we support session resuming:
/* keep a buffer of the last 20 sessions. A single session should
 * have a timestamp, so it will expire in a few hours 
 * in case of client:

gnutls_init(state, GNUTLS_SERVER);
/* or in case of a client: gnutls_init(state, GNUTLS_CLIENT); */

/* This file should have the certificate of the client/server */
gnutls_set_certificate(state, "/home/nmav/certificate");
/* or NULL in case of client */

/* This file should have the public keys of the trusted CAs */
gnutls_set_certificate_authorities(state, "/home/nmav/cas");

[connect to a tls host using a descriptor (cd), or receive a

/* This changes the state which was initialized to null 
 * eg. 3des is now used instead of plaintext
 * This actually handles all the dirty job (handshake and certification
 * verify)
error=gnutls_handshake(cd, state, NULL);
[or error=gnutls_handshake(cd, state, sessions);
/* gnutls_handshake should add the current session into sessions, or
 * resume from a previous session if the client requests so (and the
 * session is not expired)

 /* in case of a client who wants to resume a previous session later: */
error=gnutls_handshake(cd, state, session);

/* if the client wants to keep the current session identifier: */
gnutls_save_current_session(state, session);
/* that way the client/server application needs to know nothing
 * about certification. I do not know if this is good or not.

if (gnutls_is_fatal(error)!=0) return 2);
if (error==GNUTLS_NULL_CERTIFICATE) return 3; /* a client may send a null
certificate, but a server should send a valid one */

ret=gnutls_send(cd, state, data, sizeofdata);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session(); /* session was closed by peer */

ret=gnutls_receive(cd, state, input, sizeofinput);
if (gnutls_is_fatal(ret)!=0) return 4;
if (ret==GNUTLS_END_SESSION) End_session();

gnutls_finish(cd, state);

gnutl_send/receive() will process messages of all types (alert,
change_cipher_spec, handshake, application_data). So gnutls_handshake
will be able to use these functions internally.

Nikos Mavroyanopoulos
mailto:nmav at

More information about the Gnutls-devel mailing list