Simon,

You are rocking! I'm really amazed by your support. Let me analyze the code with your input and come back.
Thanks a lot!

Leny

-----Original Message-----
From: Simon Josefsson [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 23, 2007 8:38 PM
To: Thangiah, Leny IN BLR SISL
Cc: [email protected]
Subject: Re: GnuTLS supports RSA_WITH_RC4_128_MD5?

"Thangiah, Leny IN BLR SISL" <[EMAIL PROTECTED]> writes:

> Thanks, Simon.
> It's motivating me further towards using the GnuTLS.

Great!

> I have one more question. Is there any possibility to hook my file operation
> functions (fopen, fread...) with the GnuTLS.
> Basically, I want GnuTLS to call my functions for the file operations.

There aren't many file operations in the GnuTLS library:

[EMAIL PROTECTED]:~/src/gnutls/lib$ rgrep fopen *
auth_psk_passwd.c: fd = fopen (cred->password_file, "r");
auth_srp_passwd.c: fd = fopen (pconf_file, "r");
auth_srp_passwd.c: fd = fopen (cred->password_file, "r");
gnutls_helper.c: fd = fopen (file, "r");
minitasn1/structure.c: file = fopen (output_file_name, "w");
[EMAIL PROTECTED]:~/src/gnutls/lib$ rgrep read_binary_file *
gnutls_x509.c: char *data = read_binary_file (certfile, &size);
gnutls_x509.c: char *data = read_binary_file (keyfile, &size);
gnutls_x509.c: char *data = read_binary_file (cafile, &size);
gnutls_x509.c: char *data = read_binary_file (crlfile, &size);
gnutls_x509.c: p12blob.data = read_binary_file (pkcs12file, &size);
[EMAIL PROTECTED]:~/src/gnutls/lib$

The usage in minitasn1/structure.c is never invoked from GnuTLS.
The usage in gnutls_helper.c is in the function _gnutls_file_exists and that function is only used from PSK/SRP:

[EMAIL PROTECTED]:~/src/gnutls/lib$ rgrep _gnutls_file_exists *
gnutls_helper.c:_gnutls_file_exists (const char *file)
gnutls_helper.h:int _gnutls_file_exists (const char *file);
gnutls_psk.c: if (_gnutls_file_exists (password_file) != 0)
gnutls_srp.c: if (_gnutls_file_exists (password_file) != 0)
gnutls_srp.c: if (_gnutls_file_exists (password_conf_file) != 0)
[EMAIL PROTECTED]:~/src/gnutls/lib$

Thus, only the SRP/PSK and the X.509 APIs ever open any files.

For TLS-PSK, this is the password file, and the functionality is only used in the server if you use the gnutls_psk_set_server_credentials_file() API. If you avoid it and use gnutls_psk_set_server_credentials_function() instead, you will have a callback into your application for the necessary data.

Similar for TLS-SRP, it is only used in the server when you use the gnutls_srp_set_server_credentials_file() API. Use gnutls_srp_set_server_credentials_function() instead.

For X.509 the file operations are used when you use some of the APIs that take a filename:

  gnutls_certificate_set_x509_key_file
  gnutls_certificate_set_x509_trust_file
  gnutls_certificate_set_x509_crl_file
  gnutls_certificate_set_x509_simple_pkcs12_file

You don't need to use those APIs to set X.509 key/trust/crl files, just make sure you use other APIs that don't involve reading files:

  gnutls_certificate_set_x509_key_mem
  gnutls_certificate_set_x509_trust_mem
  gnutls_certificate_set_x509_crl_mem

For PKCS#12 there isn't an equivalent memory-based API, but if you need one added, let me know and I can add it easily for you.

Is this sufficient for what you need?

> I saw such callbacks for the socket and memory operations.

Right.
/Simon

>
> Leny
>
> -----Original Message-----
> From: Simon Josefsson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 23, 2007 2:34 PM
> To: Thangiah, Leny IN BLR SISL
> Cc: [email protected]
> Subject: Re: GnuTLS supports RSA_WITH_RC4_128_MD5?
>
>
> "Thangiah, Leny IN BLR SISL" <[EMAIL PROTECTED]> writes:
>
>> Hi,
>>
>> I'm new to the world of SSL. I am evaluating various SSL
>> implementations for using in one of our products. I found that GnuTLS
>> is more portable, scalable and flexible than any other
>> implementations.
>
> Hi, and welcome!
>
>> Please let me know if GnuTLS supports the following ciphering algorithms.
>> These are the crucial requirements for my evaluation.
>> SSL_RSA_WITH_RC4_128_MD5
>>
>> TLS_RSA_WITH_RC4_128_MD5
>
> As far as I know, those are the same cipher, RFC 4346 says:
>
>   CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
>
> and on http://support.microsoft.com/kb/245030 I see that
>
>   SSL_RSA_WITH_RC4_128_MD5 { 0x00,0x04 }
>
> Anyway, yes, GnuTLS supports that cipher suite.
>
> You may want to look into this comparison between some implementations:
>
> http://www.gnu.org/software/gnutls/comparison.html
>
> It may not be complete (additions are most welcome), but should give you
> some indication on what is supported.
>
> Note that GnuTLS does not support SSL version 2.0 since it has been
> broken security-wise.
>
> /Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
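Added example, not part of the thread and not GnuTLS code: one way an application can route file access through its own functions and produce the in-memory buffer that the memory-based APIs listed above take. The app_file_ops hook table, blob_load, blob_wipe and the demo_* back end are hypothetical names, the sample PEM is constructed, and blob_t only mirrors the data/size fields of gnutls_datum_t so the code builds without the library.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook table: the application's replacements for fopen/fread/fclose. */
typedef struct {
    void  *(*open)(const char *name);
    size_t (*read)(void *h, unsigned char *buf, size_t n);   /* returns 0 at end of data */
    void   (*close)(void *h);
} app_file_ops;
/* Same two fields as gnutls_datum_t, declared locally so this builds without GnuTLS. */
typedef struct { unsigned char *data; unsigned int size; } blob_t;

/* Read one object through the hooks; -1 if it cannot be opened or exceeds max bytes.
   max is an assumed small bound chosen by the caller (it must fit in unsigned int). */
int blob_load(const app_file_ops *ops, const char *name, size_t max, blob_t *out)
{
    unsigned char *buf = malloc(max + 1);
    void *h = buf ? ops->open(name) : NULL;
    size_t used = 0, n;
    out->data = NULL; out->size = 0;
    if (!h) { free(buf); return -1; }
    while (used <= max && (n = ops->read(h, buf + used, max + 1 - used)) > 0)
        used += n;
    ops->close(h);
    if (used > max) { free(buf); return -1; }
    buf[used] = '\0';            /* PEM is text; size does not count the NUL */
    out->data = buf; out->size = (unsigned int)used;
    return 0;
}

/* Wipe and free the buffer once the *_mem call that consumed it has returned. */
void blob_wipe(blob_t *b)
{
    volatile unsigned char *p = b->data;
    for (unsigned int i = 0; p && i < b->size; i++) p[i] = 0;
    free(b->data); b->data = NULL; b->size = 0;
}

/* Constructed demo back end: serves one in-memory "file" in 7-byte chunks. */
static const char demo_pem[] = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n";
static size_t demo_pos;
static void *demo_open(const char *name) { demo_pos = 0; return strcmp(name, "ca.pem") ? NULL : &demo_pos; }
static size_t demo_read(void *h, unsigned char *buf, size_t n)
{
    size_t *pos = h, left = sizeof demo_pem - 1 - *pos, cap = left < 7 ? left : 7;
    if (n > cap) n = cap;
    memcpy(buf, demo_pem + *pos, n); *pos += n;
    return n;
}
static void demo_close(void *h) { (void)h; }
const app_file_ops demo_ops = { demo_open, demo_read, demo_close };
```

In a build linked against GnuTLS, copy data and size into a gnutls_datum_t, pass it to, for example, gnutls_certificate_set_x509_trust_mem() with GNUTLS_X509_FMT_PEM, then call blob_wipe().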
