[gnutls-dev] [PATCH] Load DH Params from File

Mr Allwyn Fernandes gtefjknerfd at stobor.net
Thu Nov 29 04:09:57 CET 2007


Hi Simon,

On Wed, 28 Nov 2007 10:27:52 pm Simon Josefsson wrote:
> Hi!  Sorry about that, I think the gnutls-dev at gnupg.org list is
> subscribers-only.  We will move it to gnu.org soon to solve that and
> other problems but we haven't had time yet.  Sorry for slow response as
> well.

No problems... My message got through in the end, so I'm not too 
concerned. :-)

My main worry is that the bugs@ address is advertised as the main way to 
report bugs, but it is something of a roadblock... Even after subscribing to 
one mailing list (gnutls-dev), users get bounce messages from other mailing 
lists which they are asked to subscribe to... Maybe having that address go to 
some other mbox, so at least people can report bugs there, and have them 
discussed on the dev list later?

> > I have created a trivial patch which implements an api
> > function "gnutls_dh_params_import_pkcs3_file" from a combination
> > of "gnutls_dh_params_import_pkcs3" and
> > "gnutls_certificate_set_x509_crl_file"
[...snip...]  
> Your patch looks fine to me.  

Cool, I'm glad to hear that. What do you think of Nikos's concerns?

On Fri, 12 Oct 2007 06:28:37 pm Nikos Mavrogiannopoulos wrote:
> Concerning your patch, first
> thank you for working on it, but it seems it is not consistent with our
> current interface. Although there are functions that load from file, the
> functions that import data to structures (like the dhparams or the x509
> certificates) do not have the ability to load from files. If we add this
> patch we will also need to modify those interfaces to act similarly. This
> involves a significant number of functions, being added and thus I think it
> requires more thought.

From my perspective, at the very least dhparams needs some sort of load 
function, since it is required for every server application of gnutls. (It's 
even required in the minimal examples...) If there are other structures which 
can save data in DER/PEM/PKCS encodings, and they already have "load from 
memory" functions, then implementing a "load from file" function should be a 
trivial pair of calls, read_binary_file() followed by 
gnutls_STRUCTURE_import(), as was done in this patch for dh_params. The real 
requirement is to enumerate any such structures, which I haven't yet got 
around to...

> To be able to install it, we will need a 
> copyright assignment.  I'll send this off-list to you.

I'll follow this up. :)

Cheers,

Allwyn.
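
The pattern described in the message above (read the file, then call the existing load-from-memory importer), generalised to any importer via a callback. This is an added example, not part of the original message or the posted patch: `import_from_file`, `import_fn`, `toy_import`, `demo_import` and the 64 KiB cap are assumptions, and the callback stands in for a function such as gnutls_dh_params_import_pkcs3.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FILE_SIZE (64 * 1024)  /* assumed cap; DH parameter files are small */

/* Hypothetical callback type standing in for a gnutls_STRUCTURE_import()-style call. */
typedef int (*import_fn)(void *obj, const unsigned char *data, size_t len);

/* Read the whole file (bounded), hand it to the importer, free the buffer.
   Returns the importer's result, or -1 on I/O error or an oversized file. */
int import_from_file(void *obj, const char *path, import_fn import)
{
    unsigned char *buf;
    size_t len;
    int ret;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return -1;
    buf = malloc(MAX_FILE_SIZE + 1);
    if (buf == NULL) { fclose(fp); return -1; }
    /* Ask for one byte more than the cap so an oversized file is detectable. */
    len = fread(buf, 1, MAX_FILE_SIZE + 1, fp);
    if (ferror(fp) || len > MAX_FILE_SIZE) {
        fclose(fp); free(buf); return -1;
    }
    fclose(fp);
    ret = import(obj, buf, len);
    free(buf);
    return ret;
}

/* Constructed stand-in importer: accepts only data that starts with the PEM DH header. */
static int toy_import(void *obj, const unsigned char *data, size_t len)
{
    static const char hdr[] = "-----BEGIN DH PARAMETERS-----";
    if (len < sizeof hdr - 1 || memcmp(data, hdr, sizeof hdr - 1) != 0)
        return -2;
    *(size_t *)obj = len;   /* record how many bytes were imported */
    return 0;
}

/* Writes constructed sample content to path, imports it, returns length or error code. */
int demo_import(const char *path, const char *content)
{
    size_t n = 0;
    int ret;
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    fputs(content, fp);
    fclose(fp);
    ret = import_from_file(&n, path, toy_import);
    return ret == 0 ? (int)n : ret;
}
```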



