The problem with the OpenSSLDie() function is not that it is not being
exported. The problem is that it calls abort() which terminates the
application that is using OpenSSL as a library. This opens up a
wonderful denial of service attack. That is what Arne Ansper started
to address with his patch.
> On Windows it can be fixed by adding the following in the code
> __declspec( dllexport ) before the OpenSSLDie function? I am not sure
> if it is safe?
>
> [[EMAIL PROTECTED] - Thu Aug 1 16:14:14 2002]:
>
> > On Tue, Jul 30, 2002 at 06:08:46PM +0300, Arne Ansper wrote:
> >
> > > attached is a patch for openssl-0.9.6e that removes the usage of die.
> > > please review it carefully. all changes are localized but the action i
> > > take in some places where error reporting is not possible might be little
> > > bit wrong (i.e. in ssl2_generate_key_material(). this is void function, so
> > > i cannot indicate error).
> >
> > Thanks for the patch. For static functions, you can safely change
> > void into int so that you can indicate the errors properly.
> >
>
 Jeffrey Altman * Sr.Software Designer      Kermit 95 2.0 GUI available now!!!
 The Kermit Project @ Columbia University   SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/             Secured with MIT Kerberos, SRP, and
 [EMAIL PROTECTED]                          OpenSSL.
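
An added illustration of the point discussed in this thread (not code from OpenSSL or from Arne Ansper's patch): a static helper that could only call abort() is changed from void to int, so its caller can fail one session instead of terminating the whole process. All names, the 48-byte limit and the memset stand-in for key derivation are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_BLOCK_MAX 48            /* constructed limit for this sketch */

struct session {
    unsigned char key_block[KEY_BLOCK_MAX];
    size_t key_len;
};

#ifdef SHOW_OLD_BEHAVIOUR
/* Before: a void helper has no error channel, so a failed internal
 * check can only end the process hosting the library. */
static void fill_key_block(struct session *s, size_t need)
{
    if (need > sizeof(s->key_block))
        abort();                    /* one bad handshake stops every session */
    memset(s->key_block, 0xA5, need);
    s->key_len = need;
}
#else
/* After: same check, but the helper returns 1 on success, 0 on error.
 * It is static, so no caller outside this file depends on the old type. */
static int fill_key_block(struct session *s, size_t need)
{
    if (need > sizeof(s->key_block))
        return 0;
    memset(s->key_block, 0xA5, need);   /* stand-in for key derivation */
    s->key_len = need;
    return 1;
}

/* The caller turns the error into a failed handshake for this session only. */
int handshake(struct session *s, size_t negotiated_key_len)
{
    s->key_len = 0;
    if (!fill_key_block(s, negotiated_key_len)) {
        fprintf(stderr, "handshake: internal error, dropping session\n");
        return 0;
    }
    return 1;
}

/* Runs several handshakes in one process; returns how many completed. */
int serve(const size_t *lens, size_t n)
{
    int ok = 0;
    for (size_t i = 0; i < n; i++) { struct session s; ok += handshake(&s, lens[i]); }
    return ok;
}
#endif
```
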