The problem with the OpenSSLDie() function is not that it is not being exported. The problem is that it calls abort() which terminates the application that is using OpenSSL as a library. This opens up a wonderful denial of service attack. That is what Arne Ansper started to address with his patch.
> On windows It can be fixed by adding the following in the code > __declspec( dllexport ) before the OpenSSLDie function? I am not sure > if it is safe? > > [[EMAIL PROTECTED] - Thu Aug 1 16:14:14 2002]: > > > On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote: > > > > > attached is a patch for openssl-0.9.6e that removes the usage of > die. > > > please review it carefully. all changes are localized but the > action i > > > take in some places where error reporting is not possible might be > little > > > bit wrong (i.e. in ssl2_generate_key_material(). this is void > function, so > > > i cannot indicate error). > > > > Thanks for the patch. For static functions, you can safely change > > void into int so that you can indicate the errors properly. > > > Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
