The example code from BIO_f_ssl's manpage sends invalid HTML to the client; it has no <title>, and does not escape the client headers it sends back. text/plain would be a better choice.
--- BIO_f_ssl.3ssl.orig 2003-11-21 20:28:44.000000000 +0000 +++ BIO_f_ssl.3ssl 2003-11-21 20:29:18.000000000 +0000 @@ -459,8 +459,8 @@ \& } .Ve .Vb 3 -\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/html\er\en\er\en"); -\& BIO_puts(sbio, "<pre>\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "Connection Established\er\enRequest headers:\er\en"); \& BIO_puts(sbio, "--------------------------------------------------\er\en"); .Ve .Vb 8 @@ -475,7 +475,7 @@ .Ve .Vb 2 \& BIO_puts(sbio, "--------------------------------------------------\er\en"); -\& BIO_puts(sbio, "</pre>\er\en"); +\& BIO_puts(sbio, "\er\en"); .Ve .Vb 2 \& /* Since there is a buffering BIO present we had better flush it */ -- Michael Shields Security Consultant SunBlock Systems ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
