Le dimanche 27 janvier 2013 à 14:12 +0200, Yuval Greenfield a écrit :
On Sun, Jan 27, 2013 at 1:21 PM, Antoine Pitrou email@example.com wrote: > Most protocols should be written independent of transport. But it seems to > me that a user might write an entire app as a "protocol". Well, such an assumption can fall flat. For example, certificate checking in HTTPS expects that the transport is some version of TLS or SSL: http://tools.ietf.org/html/rfc2818.html#section-3.1
I'm not sure I understood your reply. You'd be for an api that exposes the underlying transport? I meant to say that "an entire app" entails control over the subtleties of the underlying transport.
What I meant is that the HTTP protocol needs to know that it is running over a secure transport, and it needs to fetch the server certificate from that transport (or, alternatively, it needs to have one of its callbacks called by the transport when the certificate is known). That's not entirely transport-agnostic.