On Fri, Jun 7, 2019 at 1:04 PM Ludovic Courtès <[email protected]> wrote:
>
> Hello,
>
> AIUI, TLS 1.3 post-handshake authentication requests can happen anytime,
> and thus clients need to be ready to deal with GNUTLS_E_REAUTH_REQUEST
> at any time. In particular, ‘gnutls_record_recv’ might return this
> error, and the client has to call ‘gnutls_reauth’ at that point.

Right. A clarification: these can happen only if the client or server has
explicitly enabled post-handshake authentication with the corresponding
gnutls_init() flag.

> In the Guile bindings, GnuTLS errors are mapped to Guile exceptions.
> The record layer is mapped to an I/O port, which is the abstraction used
> for file contents, sockets, etc. (similar to FILE* in C).
>
> The problem here is that you could get a GNUTLS_E_REAUTH_REQUEST
> exception in the middle of a read from an I/O port. This breaks
> abstraction because the caller of that read call may not know that the
> port happens to be a GnuTLS record port.

That should be similar to the GNUTLS_E_REHANDSHAKE error. I'm not sure if
that can be the right solution, but there is the option of GNUTLS_AUTO_REAUTH.

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
