author Nick Mathewson <nickm@torproject.org> 2008-02-06 21:53:13 +0000
committer Nick Mathewson <nickm@torproject.org> 2008-02-06 21:53:13 +0000
commit 46b1a21dc49c83e57e7d8e6a90968fc908e739f8
tree 16207dc36f00b6394187cfd2cdd1129f6fa41518 /doc/TODO
parent 46532d8111b9842aee8f0b600a1d1abd0ae53a9f
r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc. svn:r13409
Diffstat (limited to 'doc/TODO')
-rw-r--r-- doc/TODO 16
1 files changed, 12 insertions, 4 deletions
diff --git a/doc/TODO b/doc/TODO
index 6036815ca..95e05c5ec 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -64,7 +64,9 @@ N - Before the feature freeze:
o Servers detect new ciphers, and only send ID cert when they
get an older cipher list, and only request client cert when
they get an older cipher list.
- - Clients only send certificates when asked for them.
+ . Clients only send certificates when asked for them.
+ o Implement
+ - Enable
o Servers disable callback once negotiation is finished, so
that renegotiation happens according to the old rules.
o Clients initiate renegotiation immediately on completing
@@ -73,10 +75,16 @@ N - Before the feature freeze:
cert, they adust the client ID.
o Detect.
o Adjust.
- - New revised handshake: post-TLS:
- - start by sending VERSIONS cells
- - once we have a version, send a netinfo and become open
+ . New revised handshake: post-TLS:
+ o start by sending VERSIONS cells
+ o once we have a version, send a netinfo and become open
- Ban most cell types on a non-OPEN connection.
+ - Test
+ o Verify version negotiation on client
+ - Verify version negotiation on server
+ - Verify that client->server connection becomes open
+ - Verify that server->server connection becomes open and
+ authenticated.
- NETINFO fallout
- Don't extend a circuit over a noncanonical connection with
mismatched address.
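Review bot: The new "- Test" list has no explicit item for certificate verification; it is covered only indirectly by "Verify that server->server connection becomes open and authenticated", while the commit message names making sure certificate verification is really happening as the next step. Consider adding a client-side item for it next to "Verify that client->server connection becomes open". Separately, "once we have a version, send a netinfo and become open" is now marked done while "Ban most cell types on a non-OPEN connection" is still open, so a Test item for that ban would be worth adding alongside it.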