> OK, I don't understand why it needs to be exported - isn't it internal > to the library? But assuming it does, I prefer the original suggestions > (i.e. move the declaration of OpenSSLDie()).
It needs to be exported because the function is defined in libeay32.dll and used in ssleay32.dll on Windows. Now the choices as I see it are: . export the function. which I have done in order to get the code to compile and link on Windows, or . remove the call entirely and instead simply have OpenSSL return an error to the application as is done with other length checks For example, in ssl_sess.c ssl_get_new_session() the error SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp > ss->session_id_length. I don't see why we need to call abort() (via die()) if s->sid_ctx_length > sizeof ss->sid_ctx. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]