On Thu, Oct 11, 2001 at 04:54:52PM -0400, Olga Kornievskaia wrote:
> On Thu, 11 Oct 2001, Bodo Moeller wrote:

>> I contemplate adding to OpenSSL (0.9.7 -- 0.9.6c is for bugfixes only)
>> a new callback hook that can be used for handling this. The
>> application-defined callback would be called for every message
>> received or sent. Then the application itself can store the message
>> content if needed. (While the callback would not be called for
>> application data, I see no reason to limit it to handshake messages.
>> Alerts might also be of interest to applications.) This should be
>> easy to do; the main difficulty is to devise an API that can be kept
>> as consistent as possible across protocol versions.
[...]

> However, it seems that if we were to use the callback mechanism, then
> mod_ssl would need to be modified. So we have an option of either
> providing a patch to OpenSSL or mod_ssl which seems to be same thing in
> the end.

Don't you currently have to modify both for your purposes?

Anyway, it is certainly not the same thing: mod_ssl is part of one application, whereas OpenSSL is a library that one should be able to use in multiple programs without compiling it multiple times with specific settings or modification.

> I approached OpenSSL community first because we created an
> implementation that provided such functionality. And, at the time, it
> seemed like a reasonable thing to assume that OpenSSL can just save the
> handshake since the modifications are small. Wouldn't it require more work
> to provide a callback function, than to add a new structure to save the
> handshake.

This new structure would not be part of OpenSSL, so as far as OpenSSL is concerned, the modifications would be smaller. Also there would be no copying overhead for those applications that do not need the handshake to be saved.

Also the callback approach is much more general than the SSL_HANDSHAKE patch: While there may be more work in total for extending OpenSSL and finishing this one application using callbacks, OpenSSL will have a cleaner API, and other applications with related but different needs will benefit from this. (For example, applications will be able to observe alerts that are usually ignored by the library.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
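
The callback design discussed in this message, modelled in miniature as an added example (it is not part of the original post and is not OpenSSL code): a library-side record walker reports every non-application-data message to an application-supplied hook, and the application alone decides what to store. All names (`lib_process_records`, `msg_cb`, `app_cb`, `struct transcript`) are hypothetical, the sample bytes are constructed, and each record is assumed to carry exactly one message.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout: a model of the proposal, not OpenSSL's API. */
enum { CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPDATA = 23 };
typedef void (*msg_cb)(int write_p, int version, int content_type,
                       const uint8_t *buf, size_t len, void *arg);

/* Library side: walk TLS records (type, version, 16-bit length, body) and report
   everything except application data. Returns the number of callback
   invocations, or -1 if a record is truncated. */
int lib_process_records(const uint8_t *p, size_t n, int write_p, msg_cb cb, void *arg)
{
    int calls = 0;
    while (n > 0) {
        if (n < 5) return -1;                       /* incomplete record header */
        int type = p[0], version = (p[1] << 8) | p[2];
        size_t len = ((size_t)p[3] << 8) | p[4];
        if (len > n - 5) return -1;                 /* body runs past the buffer */
        if (type != CT_APPDATA && cb != NULL) {     /* no hook set: nothing is copied */
            cb(write_p, version, type, p + 5, len, arg);
            calls++;
        }
        p += 5 + len; n -= 5 + len;
    }
    return calls;
}

/* Application side: owns the storage, keeps handshake bytes, notes alerts. */
struct transcript { uint8_t hs[256]; size_t hs_len; int alerts; int last_alert; };

void app_cb(int write_p, int version, int content_type,
            const uint8_t *buf, size_t len, void *arg)
{
    struct transcript *t = arg;
    (void)write_p; (void)version;
    if (content_type == CT_HANDSHAKE && len <= sizeof t->hs - t->hs_len) {
        memcpy(t->hs + t->hs_len, buf, len);        /* the copy happens only here */
        t->hs_len += len;
    } else if (content_type == CT_ALERT && len == 2) {
        t->alerts++;
        t->last_alert = buf[1];                     /* alert description byte */
    }
}

/* Constructed sample: HelloRequest handshake record, an application-data record,
   and a warning alert with description 100 (no_renegotiation). */
const uint8_t SAMPLE[] = { 22, 3, 1, 0, 4, 0, 0, 0, 0,
                           23, 3, 1, 0, 3, 'a', 'b', 'c',
                           21, 3, 1, 0, 2, 1, 100 };
```
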
