Getting the retry reason for a "failed" BIO_write/BIO_read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote:
> 
> If(BIO_should_read(socket->ssl_bio) != 0)
> 
> If(BIO_should_write(socket->ssl_bio) != 0)

In Postfix, we don't bother with the application layer ssl_bio,
and just do SSL_read()/SSL_write() directly.  You only need this
if you specifically want a BIO API to SSL.

> With this, I could get the entire end-to-end workflow to work !!!!

You might not be done yet.  Is the client verifying the server
certificate including name checks?  Just doing TLS, without
certificate checks, only protects against passive attacks.

-- 
	Viktor.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux