On Dec 26, 2011, at 8:25 PM, Stephen Henson via RT wrote:

>> [seggelm...@fh-muenster.de - Fri Dec 23 09:04:52 2011]:
>> 
>> Updated version with less defines and without breaking binary
>> compatibility.
>> 
> 
> Thank you. We've only got one SSL_OP flag left. Would it be possible to
> use an alternative to SSL_OP_NO_HB_REQUEST? For example a ctrl and using
> a bit in s->tlsext_heartbeat?
> 
> In ssl_parse_serverhello_tlsext(), when the heartbeat extension is absent,
> should s->tlsext_heartbeat be set to an appropriate value?
> 
> Reading through the draft specification it isn't clear to me how the
> heartbeat extension interacts with sessions. Section 2 does say "This
> decision can be changed with every renegotiation." but it isn't clear
> how resumed sessions are treated.

You always base the decision on the values provided in the client/server
hellos. That is what is meant by the spec.

> 
> In other words for a resumed session should the heartbeat extension in
> the client hello be recognised or should the value from the initial
> session be used? If the latter then the heartbeat value from the
> original session needs to be stored in the SSL_SESSION structure.

It is not stored, but used for the client hello.

> 
> Minor code nitpick. There are several unnecessary "& 0xff" operations in
> the patch for fields which can never exceed 0xff or which are always
> less than 0xff (e.g. data[0], 0x02)

The points related to the code will be addressed by Robin.

Thanks for the code review!

Best regards
Michael

PS: Thank you very much for integrating the DTLS/SCTP code!
> 
> Steve.
> -- 
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
> 