On 04/17/2014 05:27 AM, Olivier Mengué wrote:
The ultimate heartbleed check would be implemented using a BIO_s_mem()
(which means, without using sockets or any file descriptor).
If someone is tempted by the task, the ssl/ssltest.c example of OpenSSL
may help to see how to use BIO.
http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/ssltest.c;hb=HEAD
Someone already created a simple heardbleed testcase for openssl:
http://marc.info/?l=openssl-dev&m=139746949222785&w=2
As Crypt::SSLeay rarely is used to implement HTTPS and secure socket
transports - it is mainly used for the crypto in it -
I'd rather ask its big brother Net::SSLeay to check for it.
--
Reini
Working towards a true Modern Perl.
Slim, functional, unbloated, compile-time optimizable
