On Sun, Apr 10, 2016 at 12:59 AM, Alex Bligh <[email protected]> wrote:
> Nikos,
>
> On 8 Apr 2016, at 18:44, Nikos Mavrogiannopoulos <[email protected]> wrote:
>>>>
>>>> The simplest example is mini-eagain.c from the test suite which
>>>> verifies the asynchronous operation of gnutls_record_send and recv.
>>> Thanks - that was helpful. But it doesn't do a select loop
>>> as far as I can tell.
>>
>> No. A select loop will be complex and I don't know if one could have a
>> reasonable example. If you have one consider contributing it.
>
> I do now:
> https://github.com/abligh/tlsproxy

Thank you. That seems quite a nice and concise example, although it is
not small enough (1-3 pages) to include in the manual. I've added a
reference instead and included it in gnutls as a submodule under
doc/examples/tlsproxy. Do you plan to keep/update that repository?

regards,
Nikos

PS. A few comments:

I would not use select() any more. It is hard to get right and under
glibc it causes stack overflow if any of the fds is over 1024.

You could further simplify the example by using
gnutls_certificate_verification_status_print() instead of checking
statuses manually (that would introduce a dependency on gnutls over 3.1.4,
but it is future proof with regards to message reporting).

You seem to call gnutls_bye() unconditionally. It may be better to
send gnutls_alert_send_appropriate() on an error condition, and
gnutls_bye() with _WR only, since you are not interested in properly
closing the channel at this point. RDWR is suitable for the cases where
you want to close the channel and re-use it (send unencrypted data).

regards,
Nikos
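
The select() limit raised in the PS above, as an added example that is not part of the original message, tlsproxy or GnuTLS: an fd_set is a fixed bitmap of FD_SETSIZE bits, so a descriptor numbered at or above that cannot be stored in it, while poll() takes an array and has no such bound. The helper names are hypothetical, and the demo assumes the hard RLIMIT_NOFILE allows descriptors above FD_SETSIZE.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* 1 if fd fits in an fd_set; 0 if FD_SET() would write past the bitmap. */
int fd_fits_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* poll()-based wait: 1 = readable or hung up, 0 = timeout, -1 = error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do r = poll(&p, 1, timeout_ms);
    while (r < 0 && errno == EINTR);
    if (r <= 0)
        return r;
    return (p.revents & POLLNVAL) ? -1 : 1; /* POLLNVAL: fd was not open */
}

/* Duplicate fd onto a number >= FD_SETSIZE and close the original, raising
 * the soft limit if needed. Returns the new fd, or -1 if not permitted. */
int move_above_fd_setsize(int fd)
{
    struct rlimit rl;
    rlim_t want = FD_SETSIZE + 64;
    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    if (rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
            return -1;
    }
    int hi = fcntl(fd, F_DUPFD, FD_SETSIZE); /* lowest free fd >= FD_SETSIZE */
    if (hi >= 0)
        close(fd);
    return hi;
}

int main(void)
{
    int p[2];
    if (pipe(p) < 0 || write(p[1], "x", 1) != 1)
        return 1;
    int hi = move_above_fd_setsize(p[0]); /* constructed high-numbered fd */
    printf("fd %d: fits fd_set=%d, poll readable=%d\n",
           hi, fd_fits_fd_set(hi), wait_readable(hi, 0));
    return hi < 0;
}
```

A server that accepts many connections reaches such descriptor numbers on its own once the process limit is raised, so a select() loop needs the `fd_fits_fd_set()` style check before every FD_SET(), or the loop should be built on poll().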
