endlesssoftware / netlib

NETLIB -- A library for TCP/IP networking on OpenVMS

Complete SSL API #12

Open tesneddon opened 11 years ago

tesneddon commented 11 years ago

Complete SSL API by adding in the following routines:

There may be others. However, for now that is enough to get MX STARTTLS support off the ground. Depending on when further additions are necessary, we might wait until a V3.1 release.

tesneddon commented 11 years ago

NETLIB_SSL_GET_SSL and accompanying documentation are now done. Next...

tesneddon commented 11 years ago

Here are some further points on the API for retrieving cipher information. This will need some more refining after further examination of the manual, but the details thus far:

  • Here are the details we can return about a cipher:
    • Name
    • Protocol Version
    • Key Exchange
    • Encryption
    • Authentication method
    • Message Digest
    • Export status
  • Use LIB$TABLE_PARSE to parse this out of a SSL_CIPHER_description result.
  • So, the API should likely look like this:
    • NETLIB_SSL_CIPHER -- returns a pointer to the "cipher".
    • NETLIB_SSL_CIPHER_INFO -- return the information above, with optional arguments, by parsing it out of the description string.
    • NETLIB_SSL_CIPHER_LIST -- returns an array of ciphers that are available. Then, call NETLIB_SSL_CIPHER_INFO to get the extra detail. What kind of array? Could we use item lists? Maybe have a code that returned how many, so you know what to allocate, then call again to get the list?

tesneddon commented 11 years ago
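
The comment above proposes pulling the seven cipher attributes out of an SSL_CIPHER_description string. As an added illustration (not NETLIB code, and not tied to the LIB$TABLE_PARSE approach the comment suggests), the portable C below tokenizes that string by hand into the fields the comment lists and applies a sample acceptance policy. It assumes OpenSSL's description format of "name version Kx=... Au=... Enc=... Mac=..." with an optional trailing "export" token; the two input strings, the function names and the policy in cipher_is_acceptable are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* The seven fields the issue lists for a cipher, filled in by parsing the
 * one-line string that OpenSSL's SSL_CIPHER_description() produces, e.g.
 *   "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD\n"
 * Export-grade suites carry a trailing " export" token (assumed format). */
typedef struct {
    char name[64];
    char version[16];
    char kx[32];      /* key exchange */
    char au[32];      /* authentication method */
    char enc[32];     /* encryption algorithm and key size */
    char mac[32];     /* message digest / MAC ("AEAD" for GCM-style suites) */
    int  is_export;   /* 1 if the "export" flag was present */
} cipher_info_t;

/* Copy the next whitespace-delimited token from *p into dst (NUL-terminated)
 * and advance *p past it. Returns 0 when no token remains. */
static int next_token(const char **p, char *dst, size_t dstlen)
{
    const char *s = *p;
    size_t n = 0;
    while (*s == ' ' || *s == '\t' || *s == '\n') s++;
    if (*s == '\0') return 0;
    while (*s && *s != ' ' && *s != '\t' && *s != '\n') {
        if (n + 1 < dstlen) dst[n++] = *s;   /* truncate silently if too long */
        s++;
    }
    dst[n] = '\0';
    *p = s;
    return 1;
}

/* If tok begins with key (e.g. "Kx="), copy the remainder into dst, return 1. */
static int take_kv(const char *tok, const char *key, char *dst, size_t dstlen)
{
    size_t klen = strlen(key);
    if (strncmp(tok, key, klen) != 0) return 0;
    strncpy(dst, tok + klen, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return 1;
}

/* Parse a description string into *out. Returns 1 on success, 0 if the string
 * does not have the expected "name version Kx= Au= Enc= Mac= [export]" shape. */
int parse_cipher_description(const char *desc, cipher_info_t *out)
{
    char tok[64];
    const char *p = desc;

    memset(out, 0, sizeof *out);
    if (!next_token(&p, out->name, sizeof out->name)) return 0;
    if (!next_token(&p, out->version, sizeof out->version)) return 0;
    if (!next_token(&p, tok, sizeof tok) || !take_kv(tok, "Kx=",  out->kx,  sizeof out->kx))  return 0;
    if (!next_token(&p, tok, sizeof tok) || !take_kv(tok, "Au=",  out->au,  sizeof out->au))  return 0;
    if (!next_token(&p, tok, sizeof tok) || !take_kv(tok, "Enc=", out->enc, sizeof out->enc)) return 0;
    if (!next_token(&p, tok, sizeof tok) || !take_kv(tok, "Mac=", out->mac, sizeof out->mac)) return 0;

    /* Optional trailing flags; only "export" matters for the export-status field. */
    while (next_token(&p, tok, sizeof tok)) {
        if (strcmp(tok, "export") == 0) out->is_export = 1;
    }
    return 1;
}

/* Sample policy (an assumption for this illustration, not NETLIB's): refuse
 * export-grade suites and anything negotiated below TLSv1. */
int cipher_is_acceptable(const cipher_info_t *ci)
{
    if (ci->is_export) return 0;
    if (strcmp(ci->version, "SSLv2") == 0 || strcmp(ci->version, "SSLv3") == 0) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample descriptions, one modern suite and one export suite. */
    const char *samples[] = {
        "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD\n",
        "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        cipher_info_t ci;
        if (!parse_cipher_description(samples[i], &ci)) {
            printf("unparseable: %s", samples[i]);
            continue;
        }
        printf("%s %s Kx=%s Au=%s Enc=%s Mac=%s export=%d acceptable=%d\n",
               ci.name, ci.version, ci.kx, ci.au, ci.enc, ci.mac,
               ci.is_export, cipher_is_acceptable(&ci));
    }
    return 0;
}
```

The parser returns 0 rather than partial results on a malformed string, so a caller never acts on a half-filled structure; the acceptance check is deliberately separate from parsing so that the policy can be tightened without touching the tokenizer.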

I have had further thoughts on this, and rather than have the routines NETLIB_SSL_GET_SSL, NETLIB_SSL_CIPHER and NETLIB_SSL_CIPHER_LIST, it is likely better to implement a single routine, like getsockopt, NETLIB_SSL_GETSOCKOPT. This also gives us the opportunity to provide a similar service for setting certain details. NETLIB_SSL_CIPHER_INFO is still important for retrieving information and should stay.

tesneddon commented 11 years ago

NETLIB_SSL_GETSOCKOPT is complete, although untested. I will implement the CIPHER_INFO routine and test them together.