> configure.in:
>
> - LIBS="$LIBS -lssl",
> - echo no;echo Either get a multithread-enabled SSL or configure with
>--disable-ssl;
> - exit 1,
> + LIBS="$LIBS -lssl -lcrypto",
> + echo no;AC_DEFINE(HAVE_LIBSSL)
> + LIBS="$LIBS -lssl -lcrypto";echo "WARNING: OpenSSL is not
>multithread-enabled!",
>
> It really makes no sense to use non-threaded OpenSSL. It leads to random crashes.
> And users are prone to ignoring these kinds of warnings, then coming to the list
> whining about those random crashes. I think this was discussed earlier when I
> made my client side implementation?

I know, but we would like to keep the support for the Cygwin platform and there we currently run openssl un-threaded. I don't like to force users to hack in the configure.in (or even configure in worst case) to get a runnable system out of it.

> conn.c:
>
> +void server_ssl_init(void)
>
> conn.h:
>
> +void server_init_ssl(void);
>
> This must be a typo.
>
> Is there a need for different certificates and SSL contexts for clients and servers?

This depends on the user. Some may need different instances for server and client side. This way the user can decide on its own if he/she wants them to match in the config file. Otherwise you would be too restrictive in my opinion if you would use only one for both sides. Comments from the others?

> smsbox.c:
>
> +
> +#ifdef HAVE_LIBSSL
> + cfg_get_bool(&ssl, grp, octstr_imm("admin-port-ssl"));
>
> +#ifdef HAVE_LIBSSL
> + cfg_get_bool(&ssl, grp, octstr_imm("sendsms-port-ssl"));
> +#endif /* HAVE_LIBSSL */
> +
>
> I think we should actually read this config variable even though we haven't
> compiled SSL in and warn the user if they're trying to use SSL.

right! -- I'll change that.

> + } else if (ssl) {
> + panic(0, "You MUST specify cert and key files within core group for
>SSL!");
> + }
>
> Is this really cause for panic?

If you want SSL support for the HTTP server, but there is no cert and key file specified?? Hmm, I think so, yes.

Stipe

[EMAIL PROTECTED]
-------------------------------------------------------------------
Wapme Systems AG

Münsterstr. 248
40470 Düsseldorf

Tel: +49-211-74845-0
Fax: +49-211-74845-299

E-Mail: [EMAIL PROTECTED]
Internet: http://www.wapme-systems.de
-------------------------------------------------------------------
wapme.net - wherever you are
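
Review bot: In the configure.in hunk, the branch that used to end in "exit 1" now defines HAVE_LIBSSL and only echoes a warning, so a build against a non-multithread OpenSSL configures successfully and the only trace is one line in the configure output. Keep the hard failure as the default and let platforms that need the unthreaded library select it explicitly at configure time, so the unsafe combination is a deliberate choice rather than something a scrolled-past warning allows. The two added LIBS="$LIBS -lssl -lcrypto" assignments are also identical in both branches and could be set once.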
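
Review bot: The definition added in conn.c is server_ssl_init while the prototype added in conn.h is server_init_ssl, so the header declares a function that is never defined and the real one has no prototype. Pick one spelling and use it in both files; with the mismatch, any caller that follows the header will fail at link time.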
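
Review bot: In the smsbox.c hunk, both cfg_get_bool calls for admin-port-ssl and sendsms-port-ssl sit inside #ifdef HAVE_LIBSSL, so a binary built without SSL never reads them and a configuration that asks for SSL on those ports is served in plaintext without any message. Read the two values unconditionally and, when either is true in a build without HAVE_LIBSSL, at least log a warning at startup. The first #ifdef in the lines shown also has no matching #endif, unlike the second; check that it is closed in the full patch.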
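
Review bot: The panic message in the else if (ssl) branch says cert and key files must be specified "within core group" but does not say which of the two is missing or which directives are expected, which leaves the operator guessing after the process has already exited. Stopping here is reasonable, since continuing would open a port marked as SSL without a certificate, but the message should name the missing setting so the failure can be fixed from the log line alone.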