From: Gerd S. <in...@ge...> - 2013-09-23 15:39:17
On Monday, 23.09.2013, 18:10 +0300, Török Edwin wrote:
> On 09/23/2013 01:56 PM, Gerd Stolpmann wrote:
> > Hi,
> >
> > thanks for the patch. If I don't find another solution, I'll apply it.
> >
> > Currently, I'm revising SSL anyway - OCamlnet 4.0 will have its own
> > binding for GnuTLS, and this will give us a lot more freedom in the
> > design. In particular, the management of the TCP connection and the TLS
> > tunnel can be completely decoupled (i.e. TLS will appear as a separate
> > layer on top of the multiplex controller).
> >
> > (If you are curious:
> > https://godirepo.camlcity.org/wwwsvn/branches/onet4/code/src/nettls-gnutls/?root=lib-ocamlnet2)
>
> Interesting, does this mean that an application could choose between OpenSSL and GnuTLS by simply
> linking with nettls.gnutls vs nettls.openssl? [*]
>
> [*] Or why not someone could contribute a nettls.nss, as Fedora seems to prefer it over GnuTLS (Debian
> on the other hand seems to default to GnuTLS in curl for example):
> https://fedoraproject.org/wiki/FedoraCryptoConsolidation

There will be just a module type TLS_provider that can be packed as value and passed around, and it will be possible to have several implementations for it (switchable even at runtime). GnuTLS serves "only" as the implementation that is included.

I don't know yet whether I personally want to create another one - the existing binding for OpenSSL is so minimal that it is hardly usable for anything else than a simple client, so it would be some work to add all the missing functionality. But if somebody else did it, I'd happily include it in Ocamlnet. Same for NSS (which is probably easier to do).

Independently of the TLS implementation, there will also be a parser for X.509 certificates. This is already written (directly in OCaml), and will give you complete access to all the details.

Gerd

> Best regards,
> --Edwin

--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany ge...@ge...
Creator of GODI and camlcity.org.
Contact details: http://www.camlcity.org/contact.html
Company homepage: http://www.gerd-stolpmann.de
------------------------------------------------------------