Re: Re: at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-22 Thread Aro RANAIVONDRAMBOLA
Hello,
I would like to know at what time I have to call shutdown. Is there a case
where I have no choice (and so I have to shutdown)?
In fact, I am developing a secure stack between TCP and an application. So
appli_connect( ), appli_read( ), ... appli_accept( ) are defined like this:

appli_connect(appli_num, ... ){
    connect(appli_num->sock, ...);
    ...
    SSL_connect(appli_num->ssl, ...);
}

appli_accept(appli_num, ...){
    accept(appli_num->sock, ...);
    ...
    SSL_accept(...);
}

appli_read( ){
    ...
}
appli_write( ){
    ...
}




Re: Re: Re: at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-22 Thread lzyzizi
The SSL object will abort the handshake automatically when something goes
wrong, such as an authentication failure, no shared cipher list, a verify
callback failure and so on. So I think you should call shutdown and free the
object when the handshake functions (SSL_do_handshake, SSL_accept,
SSL_connect, ...) fail.



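Added example (editor's addition; not code from this thread and not OpenSSL's own code) for the lifecycle rules in lzyzizi's reply above and in the 2011-02-15 reply further down: the SSL_CTX is a factory, a failed SSL_connect()/SSL_accept() kills only that one SSL object, and a failed configuration call on the context can be reported and retried. It uses Python's standard ssl module, which wraps the same OpenSSL objects: ssl.SSLContext is an SSL_CTX, the SSLObject from wrap_bio() is an SSL, ssl.MemoryBIO stands in for a BIO pair, do_handshake() is SSL_connect(), dropping the object is SSL_free(), and unwrap() is SSL_shutdown(). There is no real server: the peer's bytes are a constructed TLS record carrying a fatal handshake_failure alert, which is what a server sends when it has no cipher in common with the client. The helper names (make_context, open_connection, feed_server_bytes, demo), the hostname example.test and the missing CA path are assumptions made for this example. Two points the thread does not spell out, both from the OpenSSL manual pages: SSL_new() takes a reference on the SSL_CTX, so SSL_CTX_free() only releases the context after the last SSL created from it is freed, and SSL_shutdown() must not be called once SSL_get_error() has reported SSL_ERROR_SSL or SSL_ERROR_SYSCALL on that connection, so after a failed handshake the right move is SSL_free() alone; that is why the example never calls unwrap() on the failed object.

```python
import os
import ssl
import tempfile

# Constructed sample input (not captured from a real server): one TLS record
# carrying a fatal handshake_failure alert.  Bytes: content type 0x15 (alert),
# record version 0x0303, length 0x0002, alert level 0x02 (fatal),
# description 0x28 (40 = handshake_failure, e.g. "no shared cipher").
FATAL_HANDSHAKE_FAILURE = bytes.fromhex("15 03 03 00 02 02 28")


def make_context():
    """SSL_CTX_new() plus default configuration (hypothetical helper).

    create_default_context() keeps certificate verification on, as a client
    context should; this example fails before any certificate is checked.
    """
    return ssl.create_default_context()


def open_connection(ctx, server_hostname):
    """SSL_new() on the context, then the first SSL_connect() step.

    Returns the SSL object plus the two memory BIOs.  After this call the
    ClientHello sits in `outgoing` and the handshake waits for the peer.
    """
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_side=False,
                        server_hostname=server_hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # SSL_ERROR_WANT_READ: normal, nothing from the peer yet
    return conn, incoming, outgoing


def feed_server_bytes(conn, incoming, data):
    """Hand peer bytes to the SSL object and continue SSL_connect().

    Returns "pending" (SSL_ERROR_WANT_READ), "done", or "fatal:<reason>"
    (SSL_ERROR_SSL).  A "fatal" result means this SSL object is finished:
    drop it (SSL_free) and do not call unwrap() (SSL_shutdown) on it; the
    OpenSSL manual forbids SSL_shutdown() after a fatal error.
    """
    incoming.write(data)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        return "pending"
    except ssl.SSLError as exc:       # fatal: alert, protocol violation, ...
        return "fatal:" + str(exc.reason)
    return "done"


def demo():
    ctx = make_context()

    # 1) A configuration call on the context fails (wrong CA file path).
    #    The exception is the error report; the context is unchanged and
    #    can be configured again, so there is no reason to free it here.
    with tempfile.TemporaryDirectory() as tmp:
        missing_ca = os.path.join(tmp, "missing-ca.pem")  # assumed, never created
        try:
            ctx.load_verify_locations(cafile=missing_ca)
            config_error = None
        except OSError as exc:        # ssl.SSLError is an OSError too
            config_error = type(exc).__name__

    # 2) First SSL object from the factory: the peer aborts the handshake.
    conn1, in1, out1 = open_connection(ctx, "example.test")
    hello1 = out1.read()
    outcome1 = feed_server_bytes(conn1, in1, FATAL_HANDSHAKE_FAILURE)
    del conn1  # SSL_free(): only this connection is discarded

    # 3) Second SSL object from the same context starts a fresh handshake:
    #    the earlier failure belonged to conn1, not to the SSL_CTX.
    conn2, in2, out2 = open_connection(ctx, "example.test")
    hello2 = out2.read()
    del conn2

    return {
        "config_error": config_error,
        "hello1_is_handshake_record": hello1[:2] == b"\x16\x03",
        "outcome1": outcome1,
        "hello2_is_handshake_record": hello2[:2] == b"\x16\x03",
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print the four results; the second ClientHello coming out of the same context after the first connection died is the whole point.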

Re: at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-16 Thread Aro RANAIVONDRAMBOLA
2) => OK
1) I do not understand when you say I can also call
SSL_CTX_use_certificate_file( ) to load another certificate file ...
   If it fails, how can you load another certificate file?


Re: Re: at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-16 Thread lzyzizi
Sorry, I confused you.
1) I just want to say that it depends on your needs whether to call
SSL_CTX_free(). For example, you develop an application that needs the user
to import a certificate. If the user imports the wrong certificate, you may
not call SSL_CTX_free to free the SSL_CTX object. You may tell the user that
the certificate is wrong, and let him import it again.
Sometimes you develop a server. Every time the server starts, it will load
the certificate. The failure of calling SSL_CTX_use_certificate_file means
that it loaded the wrong certificate. If it is a fatal error for you, you
should call SSL_CTX_free on the SSL_CTX object and end your server.

I think the usage of the SSL_CTX/SSL functions is not about SSL usage, but
the common sense of object-oriented programming. When to kill the object
depends on what your program needs.


at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-15 Thread Aro RANAIVONDRAMBOLA
Hello,
I'd like to know at what time I have to call SSL_free( ) and
SSL_CTX_free( ).
1) For example, I call SSL_CTX_free( ) when a call to a function which fills
in the CTX fails ( SSL_CTX_set_cipher_list( ), SSL_CTX_use_certificate_file(
), ..., SSL_CTX_set_verify( ) ). I am wondering if it is a good idea.
2) I call both SSL_free( ) and SSL_CTX_free( ) when a function using the SSL
object fails. It concerns SSL_connect( ), SSL_accept( ),
SSL_get_verify_result(), ... Is that OK?
thanks


Re: at what time must I call SSL_free( ) / SSL_CTX_free( )

2011-02-15 Thread lzyzizi
1) When you have to call SSL_free() and SSL_CTX_free() depends on when you
want to end the SSL/SSL_CTX object's lifecycle. Calling these functions is
just like *del* on the object in C++, which means you don't want the object
any more.
The failure of calling functions (e.g. SSL_CTX_set_cipher_list( ),
SSL_CTX_use_certificate_file( ), ..., SSL_CTX_set_verify( )) does not mean
that the SSL/SSL_CTX object won't work any more. For example, if
SSL_CTX_use_certificate_file() fails, it just means that the certificate file
may not be OK. You can also call it to load another certificate file.

2) You may not call SSL_CTX_free() when an SSL object fails, because the
SSL_CTX object is used to create SSL objects, as a factory. An SSL_CTX may
create many SSL objects. An SSL object failing just means that this SSL
handshake (or other operation) has errors, which does not imply that the
SSL_CTX object has an error. Especially, the failure of these functions
(SSL_connect( ), SSL_accept( ), SSL_get_verify_result()) is common in the SSL
handshake, because your peer sent a wrong certificate to you or something
that violated the SSL protocol. It is not your fault, so you just need to
free the SSL object or do some reconnection operation.
