From ac863d6b1040b4ceed97798c858e5c9946bf5891 Mon Sep 17 00:00:00 2001
From: henri <henri@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 8 Apr 2014 19:59:13 +0000
Subject: [PATCH] Added an item for a new design of nsock SSL

---
 todo/henri.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/todo/henri.txt b/todo/henri.txt
index 0d05aaa37..cca881455 100644
--- a/todo/henri.txt
+++ b/todo/henri.txt
@@ -5,6 +5,9 @@ o Proper SSL support in proxy mode.
     exported but it should be implemented just like the other operations. Then
     it would be trivial (and clean) for the library to SSLify the channel
     established by the proxy hooks.
+  - When redesigning nsock SSL code, keep in mind the ability to establish a SSL
+    session and still expose the raw TCP. That can be convenient when auditing
+    the SSL/TLS layer.
 o Don't drop pending writes when deleting the corresponding IOD. For nsock to
   behave a bit like standard BSD sockets we should flush writes on close. (OTOH
   anything which isn't ack'ed has no meaning, caller can still cancel it