Re: crash on BIO_free call.

Thu, 04 May 2000 10:07:35 -0700 

From: Tonu Samuel <[EMAIL PROTECTED]>
Subject: Re: crash on BIO_free call.
Date: Thu, 04 May 2000 14:58:13 +0300
Message-ID: <[EMAIL PROTECTED]>

tonu> Richard Levitte - VMS Whacker wrote:
tonu> 
tonu> > Don't do BIO_free() on BIO's that you have handed over to an SSL*
tonu> > (which you obviously do with SSL_set_bio()), SSL_free() does that for
tonu> > you.
tonu> 
tonu> Thank you for reply. 

YW :-).

tonu> I have some more less important at now questions:
tonu> - What is the right source for information for OpenSSL for this type of
tonu> questions. It would be nice if these "tricks" are documented somewhere
tonu> in better way than header files or example code. I know, this
tonu> documentation may not exist at all and I am not claiming at all but if
tonu> it exists then please direct me to right place. This can save a lot of
tonu> time sometime.

A lot of docs have already been written.  However, the SSL part of
OpenSSL still lack new docs, but you can find some (more or less good)
in doc/ssleay.txt.  That's the old docs (slamed together in one file)
that Eric Young wrote a long time ago...

I suggest you stay tuned at http://www.openssl.org/docs/, because
sooner or later, new docs *will* turn up and clear things up.

tonu> - Is there any online documentation for developer about using OpenSSL in
tonu> secure way. Mostly I am aware about security and SSL but anyway it would
tonu> good to have some step-by-step guite, how to be sure that implementation
tonu> will be secure. What results should be checked. 50% of security holes I
tonu> have seen is coming just from using right thing in wrong way. Mistakes
tonu> are small but make all the system insecure and useless.

Uhmm, I recall a number of URL's with such guides being mentioned
before.  They should probably be assembled into a page (the URL's,
that is :-)).  Perhaps they are and I just haven't noticed yet?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to