On Mon, Oct 10, 2016 at 2:47 PM, Ajay Garg <ajaygargnsit at gmail.com> wrote: > > > On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni < > openssl-users at dukhovni.org> wrote: > >> >> > On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargnsit at gmail.com> wrote: >> > >> > If(BIO_should_read(socket->ssl_bio) != 0) >> > >> > If(BIO_should_write(socket->ssl_bio) != 0) >> >> In Postfix, we don't bother with the application layer ssl_bio, >> and just do SSL_read()/SSL_write() directly. You only need this >> if you specifically want a BIO API to SSL. >> > I am sorry, but I don't get this :( In broad words, is there anything wrong in :: int rc = BIO_write(socket->ssl_bio) / BIO_read(socket->ssl) followed by if(rc < 0) { If(BIO_should_read(socket->ssl_bio) != 0) { } If(BIO_should_write(socket->ssl_bio) != 0) { } } ? > >> > With this, I could get the entire end-to-end workflow to work !!!! >> >> You might not be done yet. Is the client verifying the server >> certificate including name checks? Just doing TLS, without >> certificate checks, only protects against passive attacks. >> > > Thanks Viktor. > > I will add this "enhancement", once I complete the code, in a manner that > is portable across "any" device. > Please expect a few questions from me on other threads :P > > > Thanks and Regards, > Ajay > >> >> -- >> Viktor. >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > > -- > Regards, > Ajay > -- Regards, Ajay -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161010/de40a360/attachment-0001.html>