Richard Levitte - VMS Whacker wrote:
> Don't do BIO_free() on BIO's that you have handed over to an SSL*
> (which you obviously do with SSL_set_bio()), SSL_free() does that for
> you.
Thank you for reply. I have some more less important at now questions:
- What is the right source for information for OpenSSL for this type of
questions. It would be nice if these "tricks" are documented somewhere
in better way than header files or example code. I know, this
documentation may not exist at all and I am not claiming at all but if
it exists then please direct me to right place. This can save a lot of
time sometime.
- Is there any online documentation for developer about using OpenSSL in
secure way. Mostly I am aware about security and SSL but anyway it would
good to have some step-by-step guite, how to be sure that implementation
will be secure. What results should be checked. 50% of security holes I
have seen is coming just from using right thing in wrong way. Mistakes
are small but make all the system insecure and useless.
--
+----------------------------------------------------------------+
| TcX ____ __ _____ _____ ___ |
| /*/\*\/\*\ /*/ \*\ /*/ \*\ |*| Tõnu Samuel |
| /*/ /*/ /*/ \*\_ |*| |*||*| [EMAIL PROTECTED] |
| /*/ /*/ /*/\*\/*/ \*\|*| |*||*| Tallinn, Estonia |
| /*/ /*/ /*/\*\_/*/ \*\_/*/ |*|____ |
| ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^ |
| /*/ \*\ Developers Team |
+----------------------------------------------------------------+
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
