Hi Steve, thanks for replying ! > Well other than the new error codes you are largely making use of > documented functions in OpenSSL so that the whole functionality could > be implemented (with few changes) outside the ssl library at an > application level. >
Alright. I could indeed. But this is not documented and in my opinion is thus not exported through SSL's API. I guess my question is: isn't cleaner and less error prone - thus improving security - to enable openssl applications to be able to do that ? What is the cost of allowing this behavior in next versions of openssl ? The library footprint shows very little increase. Sure it would require a major library bump since the API changes, but you're already about to do that with 0.98.x (+ this is only adding functionnality, not changing an existing one). In the meantime I will take these changes inside my application, I still really feel it could promote the writing of privsep'd programs which would be nice. Last, if you have issues with how the proposed changes are written and would rather see it done in a different way before supposedly going in, I'd be glad to rewrite it (or to see it rewritten by someone else). Thanks ! Pierre-Yves. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
