Re: 2nd revision of SSL patches

From Peter Eisentraut
Subject Re: 2nd revision of SSL patches
Date
Msg-id Pine.LNX.4.44.0205211415270.1230-100000@localhost.localdomain
In response to 2nd revision of SSL patches  (Bear Giles <bgiles@coyotesong.com>)
Responses Re: 2nd revision of SSL patches  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches
Bear Giles writes:

>  *) certs are fully validated - valid root certs must be available.
>     This is a hassle, but it means that you *can* trust the identity
>     of the server.

I'm confused.  We currently don't have SSL-based authentication, so why do
we have certificates at all?

>  *) the client library can handle hardcoded root certificates, to
>     avoid the need to copy these files.

Hardcoding is evil.

>  *) host name of server cert must resolve to IP address, or be a
>     recognized alias.  This is more liberal than the previous
>     iteration.

Which is the standard/recommended practice?

>  *) the number of bytes transferred is tracked, and the session
>     key is periodically renegotiated.

Define "periodically".

>  *) basic cert generation scripts (mkcert.sh, pgkeygen.sh).  The
>     configuration files have reasonable defaults for each type
>     of use.

Again, what are these certificate management tools for if we don't have
any need for certificates?

About the code:

* no // comments

* no fprintf(stderr, ...) in library functions

* read_SSL/write_SSL -- If you think these functions are misnamed, rename
  them.

* Isn't there an automated way to generate error messages from error codes
  in OpenSSL?

--
Peter Eisentraut   peter_e@gmx.net

