On Mon, Oct 10, 2016 at 2:47 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:
>
>
> On Mon, Oct 10, 2016 at 1:31 PM, Viktor Dukhovni <
> openssl-us...@dukhovni.org> wrote:
>
>>
>> > On Oct 10, 2016, at 3:52 AM, Ajay Garg <ajaygargn...@gmail.com> wrote:
>> >
>> > If(BIO_should_read(socket->ssl_bio) != 0)
>> >
>> > If(BIO_should_write(socket->ssl_bio) != 0)
>>
>> In Postfix, we don't bother with the application layer ssl_bio,
>> and just do SSL_read()/SSL_write() directly. You only need this
>> if you specifically want a BIO API to SSL.
>>
>
I am sorry, but I don't get this :(
In broad words, is there anything wrong in ::
int rc = BIO_write(socket->ssl_bio) / BIO_read(socket->ssl)
followed by
if(rc < 0)
{
If(BIO_should_read(socket->ssl_bio) != 0)
{
}
If(BIO_should_write(socket->ssl_bio) != 0)
{
}
}
?
>
>> > With this, I could get the entire end-to-end workflow to work !!!!
>>
>> You might not be done yet. Is the client verifying the server
>> certificate including name checks? Just doing TLS, without
>> certificate checks, only protects against passive attacks.
>>
>
> Thanks Viktor.
>
> I will add this "enhancement", once I complete the code, in a manner that
> is portable across "any" device.
> Please expect a few questions from me on other threads :P
>
>
> Thanks and Regards,
> Ajay
>
>>
>> --
>> Viktor.
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
>
> --
> Regards,
> Ajay
>
--
Regards,
Ajay
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
