> Looking at it tho', there's still a couple of problems. Here's one
> example of the first one,
>
> if (init)
> {
> CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
>
> memcpy((char *)&SSLv23_client_data,
> (char *)sslv23_base_method(),sizeof(SSL_METHOD));
> SSLv23_client_data.ssl_connect=ssl23_connect;
> SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
> init=0;
>
> CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
> }
I don't think you have pulled the latest version of this patch from CVS.
Bodo Moeller and I went through a few iterations of this patch, and the
final version performs double-init checking where necessary. (The
discussion should be in the mailing list archives.) I checked the above
code just now, and on the OpenSSL_0_9_6-stable branch it is different and
correct.
Please review the final patch and notify the list if you find problems. I
would feel better about asking the team to cut 0.9.6h after some other
people have reviewed the changes.
thanks,
patrick
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
