Migrating Qt Crytpographic Architecture to KDE CVS

Thiago Macieira thiago.macieira at kdemail.net
Wed Sep 29 16:04:18 BST 2004

Jason Keirstead wrote:
>On September 29, 2004 10:05 am, George Staikos wrote:
>> Well it was designed with KIO's design in mind.  I think it's most
>> important to keep the KIO (TCPSlaveBase) portion easy to use,
>> functional, and bug free.  It's always possible to make another class
>> parallel to KSSL for use in other applications.  That's not the hard
>> part though.  The hard part is the big mess of a certificate check
>> algorithm in TCPSlaveBase...
>This should be part of the refactor as well.
>The  certificate check algorithm should not be in TCPSlaveBase. It makes
> it impossible to share it with applications wanting an SSL stream socket.
> I ran into this writing the SSL layer for Kopete, and ended up just
> copying most of the code.

Indeed. I agree with George that TCPSlaveBase should change its API as 
little as possible.

But Jason also has a point that we need some certificate management outside 
ioslaves -- meaning, other programs that are not ioslaves may require 
certificate management.

>As I understand it though, this issue will be resolve when Thiago writes
> his new KNetwork SSL socket.

My point is to provide a simple, SSL-enabled socket class that uses QCA's 
cryptography. This low-level class will not do certificate management, but 
should maybe provide hooks/signals so that it can be done. Another must is 
that this object has to be able to connect via SOCKS or HTTP proxies or 
anything else we come up with in the future.

We'd then have a certificate management object/class that uses those hooks.

And finally, TCPSlaveBase should simply integrate them.

Now, I have not looked at the current code. I have really no idea how big a 
project this is.

  Thiago Macieira  -  Registered Linux user #65028
   thiago (AT) macieira (DOT) info
    ICQ UIN: 1967141   PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20040929/16145af0/attachment.sig>

More information about the kde-core-devel mailing list