[EMAIL PROTECTED] wrote:
> On Thu, 2 Oct 2003, Thor Lancelot Simon wrote:
>
>>1) Creates a socket-like connection object
>>
>>2) Allows configuration of the expected identity of the party at the other
>>   end, and, optionally, parameters like acceptable cipher suite
>>
>>3) Connects, returning error if the identity doesn't match.  It's
>>   probably a good idea to require the application to explicitly
>>   do another function call validating the connection if it decides to
>>   continue despite an identity mismatch; this will avoid a common,
>>   and dangerous, programmer error.
>>
>>4) Provides select/read operations thereafter.
>>
>
> Speaking as a Postfix developer, it would be very useful to have a
> non-blocking interface that maintained an event bitmask and
> readable/writable callbacks for the communications channel, allowing a
> single-threaded application to get other work done while a TLS negotiation
> is in progress, or to gracefully time out the TLS negotiation if progress
> is too slow. This means that the caller should be able to tear down the
> state of a partially completed connection at any time without memory leaks
> or other problems.

Again, you can do this with OpenSSL.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
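
The interface discussed in this thread (expected identity configured before connecting, an event bitmask the caller's loop can poll on, and teardown of a half-finished negotiation), written with Python's ssl module, which wraps OpenSSL. This is an added example, not code from any poster or from Postfix or OpenSSL; TLSNegotiation, WANT_READ, WANT_WRITE and connect_with_deadline are hypothetical names chosen for illustration.

```python
import select
import socket
import ssl
import time

WANT_READ, WANT_WRITE = 1, 2  # event bitmask bits (illustrative names)


class TLSNegotiation:
    """Handshake state that the caller's event loop drives and may abort at any time."""

    def __init__(self, addr, expected_name, cafile=None):
        ctx = ssl.create_default_context(cafile=cafile)  # chain and hostname checks on
        raw = socket.create_connection(addr)
        raw.setblocking(False)
        self.sock = ctx.wrap_socket(raw, server_hostname=expected_name,
                                    do_handshake_on_connect=False)
        self.events = WANT_WRITE  # the client speaks first

    def step(self):
        """Advance the handshake: True when complete, False when it would block."""
        try:
            self.sock.do_handshake()  # SSLCertVerificationError on identity mismatch
        except (ssl.SSLWantReadError, ssl.SSLWantWriteError) as exc:
            self.events = WANT_READ if isinstance(exc, ssl.SSLWantReadError) else WANT_WRITE
            return False
        self.events = 0
        return True

    def abort(self):  # tear down a partially completed connection
        self.sock.close()


def connect_with_deadline(addr, expected_name, timeout):
    """Drive a TLSNegotiation with select(); give up cleanly if progress is too slow."""
    neg = TLSNegotiation(addr, expected_name)
    deadline = time.monotonic() + timeout
    try:
        while not neg.step():
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise TimeoutError("TLS negotiation too slow")
            r = [neg.sock] if neg.events & WANT_READ else []
            w = [neg.sock] if neg.events & WANT_WRITE else []
            select.select(r, w, [], remaining)  # a real loop polls other fds here too
    except BaseException:
        neg.abort()
        raise
    return neg.sock
```

A single-threaded server would register `neg.sock` and `neg.events` with its own poll loop and call `step()` from the readable/writable callback instead of using the `select()` helper.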