On Tue, Oct 07, 2014 at 07:28:01PM +0200, Ángel González wrote: > CustaiCo wrote: > > Because of how cleanly seperated the network code is from the rest of > > the application, I'm fairly sure that there should be no leaks, unless > > the ssl library decides to open it's own connections for no reason. > > Like doing an OCSP check? > > (although neither openssl nor gnutls seem to do that automatically > nowadays) >
This is why I have the warning about not checking it on the wire. I can tell you that when I had it running under the debugger, I wasn't seeing any intercepted calls to network functions when it was still running as the LD_PRELOAD monstrosity, except for the ones explicitly called in net.c, but I can't be certain. Leaks from other libraries or DNS look ups are pretty common when dealing with this sort of thing. CustaiCo ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ msmtp-users mailing list msmtp-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/msmtp-users
