forked from arpa2/tlspool
TODO
There are many ways in which the current TLS Pool can be improved:
- Graylist callbacks, preferably by the application, with generic fallback
- Support for UDP and SCTP and not just TCP
- Application-specific support, with things like mod_tlspool and HTTP proxy
+ Support for all of X.509, OpenPGP and SRP schemes (undecided on PSK)
+ Extension of GnuTLS' PKCS #11 support to OpenPGP, PSK and SRP
- TOFU callbacks and storage of (signed?) acceptance
- Incorporate session resumption (on both ends) (store creds in memcache?)
+ Key derivation API with the PRF functionality of TLS 1.2 (RFC 5705)
+ RFC 5705: repeated seeding labels? overlap proto-fixed ones? session revival?
+ Error translation from GnuTLS and BerkeleyDB to errno (with detail report)
+ Transactions for an entire thread
X Thread cleanup with pthread_setcanceltype(), pthread_cleanup_push()
+ Free memory as assumed by the GnuTLS and BerkeleyDB APIs
+ Setup server credentials for searching databases as is done in the client
- Regularly refresh DH parameters; find out how to apply refcnt and/or locks
- Introduce (at least a basic form of) certificate validation
+ Support X.509 certificate chains
+ Derive GnuTLS priority string automatically from credentials for localid
+ Migrate from fprintf (stderr, ...) to syslog()
- Migrate from file-based SRP to SRP #11 when GnuTLS offers it
- Add support for TLS-KDH when GnuTLS offers it
+ Move database environment and names into configuration parameters
+ Move DH params file to a configuration parameter
+ Explain how to generate X.509 and GnuPG certificates with PKCS #11
+ Recognise callbacks with a "same" file handle as session access requests
+ Move PID file handling to daemon.c; make -k switch after new initialisation
+ Add autotools support with bootstrap.sh and subsequent ./configure
+ Port to the FreeBSD platform
+ Port to the Windows platform
- Port to the Mac OS X platform
+ Consider a thread pool for session passthrough (the current copycat function)
+ Support asynchronous access to the TLS Pool in starttls_xxx() functions