Another of Daniel's ideas inspired me to create an API extension that's
now available for review on branch br-msk-resign.

_FFR_RESIGN adds a function "dkim_resign()" that binds a signing handle to
a verifying handle. The user then runs an arriving message through the
verifying handle to completion, obtaining a result. The user can then
extract a new signature for the same message from the signing handle.

This saves forwarders and remailers (like mailing lists) from having to
maintain two handles and pump the message through each one individually.
This represents not only half the calls for the user, but half the calls
to the underlying hash functions running underneath; the verifying handle
computes the hashes and then the signing handle just makes use of them.

The other changes this makes to the API are minor but noteworthy:

- once the binding is established, the signing handle has to be passed to
  dkim_free() before the verifying handle is, or an error is returned and
  the verifying handle is not freed

- dkim_resign() is only valid once the verifying handle has received all
  of its headers, but before the verifying handle has been passed to
  dkim_eoh()

A new HTML file documents the function in libopendkim/docs.

Open for review. I'd like to merge this to the trunk before v1.2.0 goes
out. Since I just released 1.1.2, there's no pressure for this at all
yet, plus I believe Daniel's proposed asynchronous DNS improvements are
coming soon if not out already.

v1.2.0 is shaping up to be a pretty big release!

-MSK
Received on Sun Nov 01 2009 - 22:38:03 PST
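
The two ordering rules and the shared hashing described in the message, as an added toy model in C. It is not libopendkim code and not part of the original post; every name in it (handle, m_header, m_eoh, m_resign, m_sig_hash, m_free) is hypothetical, and the hash is a stand-in.

```c
#include <stddef.h>
/* Toy model of the handle rules in this message; NOT libopendkim code.
 * Every name here (handle, m_*) is hypothetical. */
enum { M_OK = 0, M_INVALID = -1 };
enum phase { HEADERS = 0, EOH_DONE };
typedef struct handle {
    enum phase phase;
    int nheaders;            /* header fields fed so far */
    unsigned long hash;      /* stand-in for the real message hashes */
    int hash_updates;        /* times this handle ran its own hash */
    struct handle *bound_to; /* signer: verifier whose hashes it borrows */
    int dependents;          /* verifier: signers still bound to it */
    int freed;
} handle;

int m_header(handle *h, const char *line) {
    if (h->phase != HEADERS) return M_INVALID;
    for (; *line; line++) h->hash = h->hash * 31 + (unsigned char)*line;
    h->hash_updates++; h->nheaders++;
    return M_OK;
}
int m_eoh(handle *h) {
    if (h->phase != HEADERS) return M_INVALID;
    h->phase = EOH_DONE; return M_OK;
}
/* Bind: allowed only after headers were fed and before m_eoh(). The model
 * cannot know that *all* headers arrived, so it requires at least one. */
int m_resign(handle *signer, handle *verifier) {
    if (verifier->phase != HEADERS || verifier->nheaders == 0) return M_INVALID;
    signer->bound_to = verifier; verifier->dependents++;
    return M_OK;
}
/* A bound signer reuses the verifier's hash instead of recomputing it. */
unsigned long m_sig_hash(const handle *s) {
    return s->bound_to ? s->bound_to->hash : s->hash;
}
/* Freeing the verifier first would leave the signer dangling: refuse. */
int m_free(handle *h) {
    if (h->dependents > 0) return M_INVALID;
    if (h->bound_to) { h->bound_to->dependents--; h->bound_to = NULL; }
    h->freed = 1;
    return M_OK;
}
int main(void) {
    handle v = {0}, s = {0};
    m_header(&v, "From: list@example.org"); /* constructed sample header */
    m_resign(&s, &v);
    int early = m_free(&v);                 /* refused: signer still bound */
    return (early == M_INVALID && m_free(&s) == M_OK && m_free(&v) == M_OK) ? 0 : 1;
}
```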