On Thu, 11 Oct 2001, Bodo Moeller wrote:
> I contemplate adding to OpenSSL (0.9.7 -- 0.9.6c is for bugfixes only)
> a new callback hook that can be used for handling this. The
> application-defined callback would be called for every message
> received or sent. Then the application itself can store the message
> content if needed. (While the callback would not be called for
> application data, I see no reason to limit it to handshake messages.
> Alerts might also be of interest to applications.) This should be
> easy to do; the main difficulty is to devise an API that can be kept
> as consistent as possible across protocol versions.

Yes, having a callback mechanism would be quite useful. I shouldn't have suggested using the current patch because I knew that it was in an acceptable state to be used. I realize that renegotiation should not be required and should be done by the application above if needed. Furthermore, I agree that memory usage of the patch (which Ben pointed out) is not great and should be changed.

My intentions were to find out if something like what I proposed could be incorporated in the OpenSSL or provide a feature like a callback mechanism that you suggested. However, it seems that if we were to use the callback mechanism, then mod_ssl would need to be modified. So we have an option of either providing a patch to OpenSSL or mod_ssl, which seems to be the same thing in the end.

I approached the OpenSSL community first because we created an implementation that provided such functionality. And, at the time, it seemed like a reasonable thing to assume that OpenSSL can just save the handshake since the modifications are small. Wouldn't it require more work to provide a callback function than to add a new structure to save the handshake? A callback function would be called in all the places where a handshake could be stored internally.

Anyway, these were my two cents on trying to argue for my case. I would be satisfied with a callback function if that's all I can get. Thank you.
-Olga
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
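
The application-side half of the callback approach discussed in this message, as an added example that is not code from the thread or from OpenSSL: a per-message hook that keeps handshake messages in application-owned memory with a hard cap, counts alerts, and ignores everything else. The callback signature `hs_msg_cb`, the `hs_log` structure and the `MAX_TRANSCRIPT` limit are assumptions made for illustration, and the message bytes are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define CT_ALERT       21     /* TLS record content type: alert */
#define CT_HANDSHAKE   22     /* TLS record content type: handshake */
#define MAX_TRANSCRIPT 65536  /* hypothetical cap on stored bytes */

/* Application-owned state; the library would only pass the pointer back. */
struct hs_log {
    unsigned char *data;  /* concatenated handshake messages */
    size_t len, cap;
    unsigned alerts;      /* alerts seen in either direction */
    int truncated;        /* set once the cap or allocator stops storage */
};

/* Hypothetical hook: called once per protocol message sent (write_p = 1)
 * or received (write_p = 0), never for application data. */
void hs_msg_cb(int write_p, int content_type,
               const void *buf, size_t len, void *arg)
{
    struct hs_log *log = arg;
    (void)write_p;
    if (content_type == CT_ALERT) { log->alerts++; return; }
    if (content_type != CT_HANDSHAKE || log->truncated || len == 0) return;
    /* Refuse to grow past the cap: the peer controls message sizes. */
    if (len > MAX_TRANSCRIPT - log->len) { log->truncated = 1; return; }
    if (log->len + len > log->cap) {
        size_t ncap = log->cap ? log->cap : 256;
        while (ncap < log->len + len) ncap *= 2;
        unsigned char *p = realloc(log->data, ncap);
        if (!p) { log->truncated = 1; return; }
        log->data = p;
        log->cap = ncap;
    }
    memcpy(log->data + log->len, buf, len);
    log->len += len;
}

/* Feeds two constructed handshake messages and one alert; returns bytes kept. */
int demo(struct hs_log *log)
{
    static const unsigned char hello[]  = {1, 0, 0, 2, 3, 1};  /* constructed */
    static const unsigned char finish[] = {20, 0, 0, 1, 0xaa}; /* constructed */
    static const unsigned char alert[]  = {1, 0};              /* constructed */
    memset(log, 0, sizeof *log);
    hs_msg_cb(0, CT_HANDSHAKE, hello, sizeof hello, log);
    hs_msg_cb(1, CT_HANDSHAKE, finish, sizeof finish, log);
    hs_msg_cb(1, CT_ALERT, alert, sizeof alert, log);
    return (int)log->len;
}
```

Because the buffer belongs to the application, it decides how much handshake data to retain and when to free it.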