On Mon, 2005-10-03 at 12:30 +0200, ext via RT wrote:
> I am working with the patch and I noticed that the psk hint and id are 
> asciiz.  This is not in the spec.  
> Also, there is no way to specify no psk_id_hint/psk_id.  According to 
> the spec, the pure psk suites can omit the key exchange.  There is no 
> way to do this right now, and this is precisely how I intend to work.

Using NULL-terminated strings was just a design choice; it is highly
unlikely that anyone would use PSK identities or hints containing NULLs,
so this simplifies the API (a lot fewer length fields to pass around in
various places; this also means fewer opportunities for bugs when someone
gets the lengths wrong...).

Omitting the PSK identity (or ClientKeyExchange message) is not allowed
by the spec (but sending a zero-length identity is). The PSK hint (and in
certain cases, the whole ServerKeyExchange message) can be omitted by
setting the hint to NULL.

Also see the manual pages for the functions
SSL_CTX_use_psk_identity_hint and SSL_use_psk_identity_hint, and then
the modified test programs for how the functions are used.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
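
The trade-off discussed in this message, as an added example (not code from the patch or from OpenSSL): the TLS-PSK spec carries the identity and hint as length-prefixed `opaque<0..2^16-1>` vectors, while a NUL-terminated-string API derives the length with `strlen()`. The helper names `encode_opaque16` and `encode_cstr` and the sample identity are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenSSL function): encode an identity or hint
 * as an opaque<0..2^16-1> vector: 2-byte big-endian length, then the bytes.
 * Returns the number of bytes written, or 0 if the input does not fit. */
size_t encode_opaque16(const unsigned char *data, size_t len,
                       unsigned char *out, size_t cap)
{
    if (len > 0xFFFF || cap < len + 2 || (data == NULL && len != 0))
        return 0;
    out[0] = (unsigned char)(len >> 8);
    out[1] = (unsigned char)(len & 0xFF);
    if (len != 0)
        memcpy(out + 2, data, len);
    return len + 2;
}

/* Hypothetical helper modelling a NUL-terminated-string API: the length comes
 * from strlen(), so everything after the first 0x00 byte is silently dropped.
 * A NULL pointer means "no value": nothing is emitted and 0 is returned. */
size_t encode_cstr(const char *s, unsigned char *out, size_t cap)
{
    if (s == NULL)
        return 0;
    return encode_opaque16((const unsigned char *)s, strlen(s), out, cap);
}

int main(void)
{
    /* Constructed sample: a 7-byte identity with an embedded zero byte. */
    static const unsigned char raw[] = { 'd', 'e', 'v', 0x00, 'k', 'e', 'y' };
    unsigned char buf[64];

    printf("length-carrying API: %zu bytes on the wire\n",
           encode_opaque16(raw, sizeof raw, buf, sizeof buf));
    printf("string API:          %zu bytes on the wire (truncated)\n",
           encode_cstr((const char *)raw, buf, sizeof buf));
    printf("zero-length value:   %zu bytes (length field only)\n",
           encode_cstr("", buf, sizeof buf));
    printf("NULL (omitted):      %zu bytes\n",
           encode_cstr(NULL, buf, sizeof buf));
    return 0;
}
```

Two peers only derive the same key if both sides agree on the identity bytes, so a peer that sends an identity containing a zero byte will not match the truncated value a string-based API stores.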
