Hello,

I have spent some time reviewing the SSL code in order to add support for
client handshake start.
I have seen several problems that I'd like to share:

   - messages sent are encrypted when they are submitted. I see two
   problems with that: if a message is submitted before the handshake is
   completed, then the behavior is probably an error. If a message is
   submitted and so queued, but a handshake happened before the data is sent
   to the socket, then it's likely that the remote won't be able to decode it.
   - Regarding the handshake, it may lead to data being sent. In our
   implementation, it queues another message to be sent, which will not be
   encrypted because the state is linked to the handshake, but this means that
   if the application submits a message to send, it will not be encrypted
   either.

The changes I propose are the following:

   - encryption performed only when data is to be written to the socket
   - messages are stored with a flag to tell if they have already been
   encrypted
   - messages generated as part of the handshake should probably be queued at
   the top of the queue instead of the tail for application messages.


WDYT?
I will be MIA for the whole week from Friday with very rare Internet
connections.

Jeff

-- 
Jeff MAURY


"Legacy code" often differs from its suggested alternative by actually
working and scaling.
 - Bjarne Stroustrup

http://www.jeffmaury.com
http://riadiscuss.jeffmaury.com
http://www.twitter.com/jeffmaury
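
The queueing scheme proposed in the message above, sketched as an added example (not code from the original post or from the project it discusses). The class and method names are hypothetical, and `seal` is a constructed stand-in for the real record-layer encryption, not actual cryptography.

```python
import hashlib
from collections import deque

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in for record-layer encryption (NOT real crypto): XOR keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class SecureWriteQueue:
    """Hypothetical write queue: plaintext is stored, encryption happens at write time."""

    def __init__(self):
        self.queue = deque()        # entries: [payload, already_encrypted]
        self.key = None             # None until a handshake has completed
        self.handshake_pending = 0  # handshake records currently at the head

    def submit_app(self, data: bytes):
        # Application data goes to the tail, flagged as not yet encrypted.
        self.queue.append([data, False])

    def submit_handshake(self, record: bytes):
        # Handshake output is wire-ready: flag it so it is never re-encrypted,
        # and place it ahead of application data, after earlier handshake records.
        self.queue.insert(self.handshake_pending, [record, True])
        self.handshake_pending += 1

    def handshake_done(self, key: bytes):
        self.key = key

    def flush(self) -> list:
        """Return the byte strings that would be written to the socket, in order."""
        wire = []
        while self.queue:
            payload, encrypted = self.queue[0]
            if encrypted:
                self.handshake_pending -= 1
            elif self.key is None:
                break  # hold application data until a handshake has completed
            else:
                payload = seal(self.key, payload)  # encrypt with the current key
            self.queue.popleft()
            wire.append(payload)
        return wire
```

Application data submitted before or during a handshake stays queued as plaintext and is sealed with whatever key is current when it reaches the socket, so the peer can always decode it.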
