Migrating Qt Crytpographic Architecture to KDE CVS
Thiago Macieira
thiago.macieira at kdemail.net
Wed Sep 29 16:04:18 BST 2004
Jason Keirstead wrote:
>On September 29, 2004 10:05 am, George Staikos wrote:
>> Well it was designed with KIO's design in mind. I think it's most
>> important to keep the KIO (TCPSlaveBase) portion easy to use,
>> functional, and bug free. It's always possible to make another class
>> parallel to KSSL for use in other applications. That's not the hard
>> part though. The hard part is the big mess of a certificate check
>> algorithm in TCPSlaveBase...
>
>This should be part of the refactor as well.
>
>The certificate check algorithm should not be in TCPSlaveBase. It makes
> it impossible to share it with applications wanting an SSL stream socket.
> I ran into this writing the SSL layer for Kopete, and ended up just
> copying most of the code.
Indeed. I agree with George that TCPSlaveBase should change its API as
little as possible.
But Jason also has a point that we need some certificate management outside
ioslaves -- meaning, other programs that are not ioslaves may require
certificate management.
>As I understand it though, this issue will be resolve when Thiago writes
> his new KNetwork SSL socket.
My point is to provide a simple, SSL-enabled socket class that uses QCA's
cryptography. This low-level class will not do certificate management, but
should maybe provide hooks/signals so that it can be done. Another must is
that this object has to be able to connect via SOCKS or HTTP proxies or
anything else we come up with in the future.
We'd then have a certificate management object/class that uses those hooks.
And finally, TCPSlaveBase should simply integrate them.
Now, I have not looked at the current code. I have really no idea how big a
project this is.
--
Thiago Macieira - Registered Linux user #65028
thiago (AT) macieira (DOT) info
ICQ UIN: 1967141 PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20040929/16145af0/attachment.sig>
More information about the kde-core-devel
mailing list