On 6/20/16, 17:12 , "openssl-dev on behalf of Salz, Rich" <openssl-dev-boun...@openssl.org on behalf of rs...@akamai.com> wrote:
>> Defensive programming is about handling gracefully the cases when the >> user/caller does something he “is not supposed to do”. > >There is a limit. True. >Should we return an error code that will most likely be ignored? Yes, as long as you don’t crash... >Should the C library be defensive about fprintf, strcpy, etc., etc.? Heck, yes! There are reasons why sane programmers don’t use strcpy() nowadays. ;) >>Software that relies on its users doing only the right things…? Really? > >OpenSSL *is not* going to check for NULL parameters where you don't >supply them. Is the interface partitioned that well? Perhaps it’s my ignorance, but I didn’t think so. >It never has (not universally) and it never will. If you want another >language... .:) ;-)
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev