> That said -- to the extent that RSAREF is still being used as a > crypto library for SSLeay/OpenSSL and SSHv.1 "testbed implementations," in > the US and elsewhere (?!) -- would not it be easier and safer to address > this sort of potential problem with a wrapper which checks for appropriate > input, and flags or blocks unruly exceptions? I committed a patch to that effect to our RSAREF wrapper functions. I don't seem to have RSAREF around any more. Someone who does, please check whether the patch is correct. Once it is confirmed, I think we should also make it available on the download site. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
