On Tue, Jul 24, 2001 at 02:45:17PM -0230, Cory Winter wrote:
> Hi,
> 
> If a client implements its own verify callback and that callback prompts
> the user for input (i.e. Yes/No to allow connection), is there a mechanism
> which would prevent this action from blocking the server? Currently my
> server which accepts all connections on a single thread denies connections
> to other clients once a single client is waiting for input from the user.
> 
> SSL_accept(...) doesn't return until SSL_connect(...)'s verify callback
> returns. The handshake waits. Is this incorrect usage of the verify 
> callback?

Hmm. I think it is ok to use it this way. As far as I can see,
Netscape does the same if there are doubts (unknown CA, hostname not
matching).
I would see it the other way round: your server is broken. A single client
can block it. It's the perfect situation for a DoS attack.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
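
Added example (not code from either post, and not OpenSSL project code) of the server-side fix Lutz is pointing at: the server is not broken because it runs on one thread, it is broken because it lets one peer's handshake hold up everyone else. The accept loop has to run the handshake non-blocking and give each unfinished handshake its own deadline, so a client whose verify callback is waiting on a human, or an attacker who simply never finishes, costs nothing but its own connection. The example is in Python against the standard ssl module, which wraps OpenSSL with the same semantics: SSL_accept() returning SSL_ERROR_WANT_READ/WANT_WRITE corresponds to do_handshake() raising SSLWantReadError/SSLWantWriteError. HandshakeServer, HANDSHAKE_TIMEOUT, plaintext_hello_step and demo are names chosen here; the demo drives the loop with a plaintext stand-in for the handshake over a socketpair, because a real TLS handshake needs a certificate, and its scenario (two peers, one that completes and one that never answers) is constructed for the example.

```python
import selectors
import socket
import ssl
import time

HANDSHAKE_TIMEOUT = 5.0   # seconds a peer gets to finish its handshake (assumed value)
DONE = 0                  # step() result meaning "handshake complete"


def tls_handshake_step(ssl_sock):
    """One non-blocking handshake attempt on an SSLSocket wrapped with
    do_handshake_on_connect=False. Returns DONE or the event to wait for: the Python
    form of SSL_accept() returning SSL_ERROR_WANT_READ/WANT_WRITE ('come back later')."""
    try:
        ssl_sock.do_handshake()
        return DONE
    except ssl.SSLWantReadError:
        return selectors.EVENT_READ
    except ssl.SSLWantWriteError:
        return selectors.EVENT_WRITE


def plaintext_hello_step(sock):
    """Stand-in for tls_handshake_step used only by the offline demo (a real TLS
    handshake needs a certificate): the 'handshake' completes once b"HELLO" arrives."""
    try:
        data = sock.recv(5)
    except BlockingIOError:
        return selectors.EVENT_READ
    if data == b"HELLO":
        return DONE
    raise OSError("bad hello: %r" % data)


class HandshakeServer:
    """One thread, many in-progress handshakes, each with its own deadline."""
    def __init__(self, step=tls_handshake_step, timeout=HANDSHAKE_TIMEOUT, clock=time.monotonic):
        self.step, self.timeout, self.clock = step, timeout, clock
        self.sel = selectors.DefaultSelector()
        self.pending = {}        # fileno -> (sock, deadline)
        self.established = []    # sockets whose handshake completed
        self.dropped = []        # (fileno, reason) for timed-out or failed peers

    def add(self, sock):
        sock.setblocking(False)
        self.pending[sock.fileno()] = (sock, self.clock() + self.timeout)
        self.sel.register(sock, selectors.EVENT_READ)   # wait for the peer's first flight

    def _retire(self, sock):
        del self.pending[sock.fileno()]
        self.sel.unregister(sock)

    def _drop(self, sock, reason):
        self.dropped.append((sock.fileno(), reason))
        self._retire(sock)
        sock.close()

    def poll(self, max_wait=0.1):
        """Advance every ready handshake one step, then expire stale ones. Returns how
        many handshakes are still pending. Never sleeps past the nearest deadline."""
        if not self.pending:
            return 0
        wait = max(0.0, min(max_wait, min(d for _, d in self.pending.values()) - self.clock()))
        for key, _ in self.sel.select(timeout=wait):
            sock = key.fileobj
            try:
                want = self.step(sock)
            except (ssl.SSLError, OSError) as exc:
                self._drop(sock, "handshake failed: %s" % exc)
                continue
            if want == DONE:
                self._retire(sock)
                self.established.append(sock)
            else:
                self.sel.modify(sock, want)   # watch only for what the handshake needs
        for sock, deadline in list(self.pending.values()):
            if self.clock() >= deadline:
                self._drop(sock, "handshake timeout")
        return len(self.pending)


def demo():
    """Constructed scenario: two peers, one completes, one never answers (fake clock)."""
    fake_time = [0.0]
    server = HandshakeServer(step=plaintext_hello_step, clock=lambda: fake_time[0])
    good_client, good_peer = socket.socketpair()
    stalled_client, stalled_peer = socket.socketpair()
    for peer in (good_peer, stalled_peer):
        server.add(peer)
    good_client.sendall(b"HELLO")                 # stalled_client never speaks
    pending_first = server.poll(max_wait=0.05)    # good peer done, stalled one still waiting
    fake_time[0] += HANDSHAKE_TIMEOUT             # the human behind stalled_client is still deciding
    pending_after = server.poll(max_wait=0.05)    # stalled peer dropped; nobody else was held up
    result = {"pending_first": pending_first, "pending_after": pending_after,
              "established": len(server.established), "dropped": [r for _, r in server.dropped]}
    for s in (good_client, stalled_client, *server.established):
        s.close()
    return result
```

To attach this to a real listener, accept on a non-blocking listening socket and hand each connection to server.add(ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)), then call server.poll() from the event loop; do_handshake_on_connect=False is what stops accept() from blocking on the handshake. The same shape applies in C: put the socket in non-blocking mode, call SSL_accept() again whenever it reports SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE and the socket becomes ready, and keep a deadline per SSL object so a peer that never answers is closed instead of holding the accept loop.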
