> [seggelm...@fh-muenster.de - Fri Dec 23 09:04:52 2011]:
> 
> Updated version with less defines and without breaking binary
> compatibility.
> 

Thank you. We've only got one SSL_OP flag left. Would it be possible to
use an alternative to SSL_OP_NO_HB_REQUEST? For example a ctrl and using
a bit in s->tlsext_heartbeat?

In ssl_parse_serverhello_tlsext(), if the heartbeat extension is absent,
should s->tlsext_heartbeat be set to an appropriate value?

Reading through the draft specification it isn't clear to me how the
heartbeat extension interacts with sessions. Section 2 does say "This
decision can be changed with every renegotiation." but it isn't clear
how resumed sessions are treated. 

In other words for a resumed session should the heartbeat extension in
the client hello be recognised or should the value from the initial
session be used? If the latter then the heartbeat value from the
original session needs to be stored in the SSL_SESSION structure.

Minor code nitpick. There are several unnecessary "& 0xff" operations in
the patch for fields which can never exceed 0xff or which are always
less than 0xff (e.g. data[0], 0x02).

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
