Tarun Upadhyaya mau94319 at
Sat Feb 26 09:09:59 CET 2000

>There is no need for SIZEOF_GNUTLS_STATE to be known to users of
>gnutls.  Better to initialize the state with an init function:

Actually no. The size of GNUTLS_STATE will vary during the session anyway.
However, an init function should be used anyway, as GNUTLS_STATE could be
initialized to different values based on the client's environment params,
preferences for this session, etc. (Or will this be handled by the
gnutls_init later down with other initializations?)

> [in case we support session resuming:
> GNUTLS_SESSIONS *sessions=malloc(20*SIZEOF_SESSION);
> /* keep a buffer of the last 20 sessions. A single session should
>  * have a timestamp, so it will expire in a few hours
>  *
>  * in case of client:
> ]

I am not very experienced, but 20 sessions looks like overkill to me
in most cases. Can we replace that with a sorted list or something?
Also, why should the client keep only one session? I don't know, but are there
absolutely no circumstances when the client would like to revert to a
previously negotiated session?

> /* This file should have the certificate of the client/server */
> gnutls_set_certificate(state, "/home/nmav/certificate");
> /* or NULL in case of client */
> /* This file should have the public keys of the trusted CAs */
> gnutls_set_certificate_authorities(state, "/home/nmav/cas");

We can add checking of the return status for both of the above.

Otherwise nice work, Nikos. Looks okay to me.

With warm regards
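
The session buffer discussed in this thread (a fixed set of the last 20 sessions, each with a timestamp so it expires after a few hours), sketched as an added example that is not code from the original messages or from the GnuTLS project. All names, the 3-hour lifetime and the 32-byte ID limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

#define CACHE_SLOTS 20          /* "last 20 sessions" from the quoted draft */
#define SESSION_TTL (3 * 3600)  /* assumed value for "a few hours" */
#define ID_MAX 32               /* assumed upper bound on session ID length */

struct cached_session {         /* hypothetical type, not a GnuTLS struct */
    unsigned char id[ID_MAX];
    size_t id_len;              /* 0 marks an empty slot */
    time_t created;             /* timestamp used for expiry */
};

struct session_cache {          /* must be zero-initialised before use */
    struct cached_session slot[CACHE_SLOTS];
};

/* A slot is unusable for resumption if it is empty or past its lifetime. */
static int expired(const struct cached_session *s, time_t now) {
    return s->id_len == 0 || now - s->created >= SESSION_TTL;
}

/* Store a session: reuse an empty/expired slot, else evict the oldest.
 * Returns 0 on success, -1 if the ID length is out of range. */
int cache_put(struct session_cache *c, const unsigned char *id,
              size_t len, time_t now) {
    if (len == 0 || len > ID_MAX) return -1;
    struct cached_session *victim = &c->slot[0];
    for (size_t i = 0; i < CACHE_SLOTS; i++) {
        struct cached_session *s = &c->slot[i];
        if (expired(s, now)) { victim = s; break; }
        if (s->created < victim->created) victim = s;
    }
    memcpy(victim->id, id, len);
    victim->id_len = len;
    victim->created = now;
    return 0;
}

/* Return the live session with this ID, or NULL if unknown or expired. */
const struct cached_session *cache_get(const struct session_cache *c,
        const unsigned char *id, size_t len, time_t now) {
    if (len == 0 || len > ID_MAX) return NULL;
    for (size_t i = 0; i < CACHE_SLOTS; i++) {
        const struct cached_session *s = &c->slot[i];
        if (!expired(s, now) && s->id_len == len && !memcmp(s->id, id, len))
            return s;
    }
    return NULL;
}
```

Checking expiry on lookup rather than only on insert means a stale entry is never offered for resumption even if nothing has overwritten it yet.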
