On Mon, Jun 22, 2015, Salz, Rich wrote:
>
> > I looked at how SSL_CTX_set_cipher_list and SSL_set_cipher_list operate,
> > but they don't use SSL_{CTX}_ctrl.
>
> That API probably predates the ctrl. It's a trade-off; you lose type-safety
> but have less to document :)
>
> > What is the suggested way to control the functionality through a flag?
>
> Probably the _ctrl API. Problem is we're running out of bits. Let's see
> what drH thinks.
We certainly are running out of options bits and will need to do something to
address that at some point it hasn't been decided precisely *what* yet.
However if the option is related to certificates it can use the cert_flags
field in the CERT structure. If it is related to mode then it can use the mode
field. Both of those have plenty to spare.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
