Getting the retry reason for a "failed" BIO_write/BIO_read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <openssl-users at dukhovni.org
> wrote:

>
> > On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote:
> >
> > If(BIO_should_read(socket->ssl_bio) != 0)
> >
> > If(BIO_should_write(socket->ssl_bio) != 0)
>
> In Postfix, we don't bother with the application layer ssl_bio,
> and just do SSL_read()/SSL_write() directly.  You only need this
> if you specifically want a BIO API to SSL.
>
> > With this, I could get the entire end-to-end workflow to work !!!!
>
> You might not be done yet.  Is the client verifying the server
> certificate including name checks?  Just doing TLS, without
> certificate checks, only protects against passive attacks.
>

Thanks Viktor.

I will add this "enhancement", once I complete the code, in a manner that
is portable across "any" device.
Please expect a few questions from me on other threads :P


Thanks and Regards,
Ajay

>
> --
>         Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Regards,
Ajay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161010/490d6a0a/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux