On Wed, Aug 14, 2002 at 08:42:47PM +0100, Ben Laurie wrote:

>>>                                            I propose we have a compile 
>>> time flag that determines whether impossible conditions are fatal or 
>>> return errors,

>> Go ahead, compile time flags are how we usually handle such things in
>> OpenSSL -- e.g. you can define BN_DEBUG to enable certain assertions
>> that detect situations where memory is really corrupted.

> Good. Now we have to debate what the default setting of the flag is. I 
> propose, naturally, that it should be set to cause death on internal errors.

Whatever decision we make, the same scheme should also be applied to
asserts found elsewhere in the library.  The current pattern is to
define NDEBUG unless the respective DEBUG option is set.

As you noted, assert() (with output to stderr) may be more
dangerous than a straight abort(), so the new OpenSSL_assert() macro (as
it might be called) should be used everywhere in place of assert()
(except possibly when a DEBUG option is set).


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

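An added illustration of the two behaviours under discussion, written for this page and not OpenSSL's own code (the flag name INTERNAL_ERRORS_FATAL, the macro ossl_internal_check() and the toy_bn type are assumptions): one compile-time switch decides whether an "impossible" internal condition abort()s or becomes an error return, and, unlike assert(), neither mode writes to stderr.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical compile-time switch (an assumption, not an OpenSSL option):
 * define INTERNAL_ERRORS_FATAL to make impossible conditions abort(); leave
 * it undefined to turn them into error returns. Neither mode prints. */
#ifdef INTERNAL_ERRORS_FATAL
#  define ossl_internal_check(cond, ret) do { if (!(cond)) abort(); } while (0)
#else
#  define ossl_internal_check(cond, ret) do { if (!(cond)) return (ret); } while (0)
#endif
#define TOY_WORDS    8
#define ERR_INTERNAL (-1)   /* "this cannot happen", e.g. corrupted state */

/* Toy fixed-size multi-word integer; invariant: 0 <= top <= TOY_WORDS. */
typedef struct {
    unsigned int d[TOY_WORDS]; /* little-endian words */
    int top;                   /* words in use */
} toy_bn;

/* Adds w to a in place: 1 on success, 0 if the result does not fit (an
 * ordinary error), ERR_INTERNAL (or abort) on a broken invariant. */
int toy_bn_add_word(toy_bn *a, unsigned int w)
{
    unsigned int carry = w;
    int i;
    /* Internal-consistency check: a corrupted 'top' must never be used as
     * an array index. This is the "impossible condition" the thread means. */
    ossl_internal_check(a->top >= 0 && a->top <= TOY_WORDS, ERR_INTERNAL);
    for (i = 0; i < a->top && carry != 0; i++) {
        unsigned int s = a->d[i] + carry;
        carry = (s < carry);       /* unsigned wrap-around detected */
        a->d[i] = s;
    }
    if (carry != 0) {
        if (a->top == TOY_WORDS)   /* ordinary, expected failure path */
            return 0;
        a->d[a->top++] = carry;
    }
    return 1;
}

int main(void)
{
    toy_bn ok = {{UINT_MAX}, 1};  /* constructed sample input */
    toy_bn bad = {{0}, 99};       /* constructed: corrupted 'top' */
    printf("%d %d\n", toy_bn_add_word(&ok, 1), toy_bn_add_word(&bad, 1));
    return 0;                     /* second call aborts in fatal mode */
}
```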