[Development] TLS extensions and supplemental data
phartmann at blackberry.com
Wed Mar 13 11:33:50 CET 2013
Some comments / questions:
- Do you have examples of supplemental data? It seems to me like TLS
extensions are more important here, as they are used everywhere already.
- re. API:
What comes to my mind are the following options:
a) generic class QTlsExtension similar to QSslCertificateExtension with
name() and QVariant value() and getter "QList<QTlsExtension>
QSslConfiguration::tlsExtensions()" (+ respective setter). Depends on
whether it is worth to introduce a new class.
b) enum in QSslConfiguration (e.g.
"QSslConfiguration::TlsExtensionServerName") and getter "QVariant
respective setter). Might be better because of less API than a)
c) individual getters / setters like "QVariant
tlsExtensionServerName()"; that looks like cluttering the API.
- re. "On which object should extensions be set/retrieved?":
Maybe QSslConfiguration would be the place to set/get extensions,
instead of QSslSocket? At least this is where we store things like the
session cipher, certificate chain etc. IMO the API is a bit cluttered
between those two classes, so I think we should have all of that in
- re. "How are the extensions to be set and exposed?":
If "There is a requirement to be able to retrieve the far side extension
prior to setting extensions", then this sounds like we need a new signal
for QSslSocket (and probably later the same one in QNetworkReply). Rich
was working on an "encrypted" signal which would be fired after the
handshake and before application data was sent, but I guess this would
be too late for some extensions then.
- re. "One-shot setter supporting a set of extensions, or ability to
call addExtension multiple times prior to the extended hello being sent?"
I think we could combine it, by having an addExtension taking one single
extension and maybe an overload which takes a QList or so.
On 03/08/2013 08:09 PM, Scott Deboy wrote:
> I wanted to give folks a heads-up that I'm starting work on defining an API which will give Qt the ability to retrieve and set TLS extension data sent in OpenSSL's extended hello.
> I will also be adding support for the ability to send and retrieve supplemental data messages.
> A Wiki topic has been created to work through the process of defining the API - please feel free to update/add questions or contribute to the discussion:
> Thanks much,
> Development mailing list
> Development at qt-project.org
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
More information about the Development