On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <openssl-users at dukhovni.org > wrote: > > > On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote: > > > > If(BIO_should_read(socket->ssl_bio) != 0) > > > > If(BIO_should_write(socket->ssl_bio) != 0) > > In Postfix, we don't bother with the application layer ssl_bio, > and just do SSL_read()/SSL_write() directly. You only need this > if you specifically want a BIO API to SSL. > > > With this, I could get the entire end-to-end workflow to work !!!! > > You might not be done yet. Is the client verifying the server > certificate including name checks? Just doing TLS, without > certificate checks, only protects against passive attacks. > Thanks Viktor. I will add this "enhancement", once I complete the code, in a manner that is portable across "any" device. Please expect a few questions from me on other threads :P Thanks and Regards, Ajay > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161010/490d6a0a/attachment.html>
