Re: Encapsulation (WAS: err in SSL_shutdown)

Sun, 19 Aug 2001 03:00:55 -0700 

On Sun, Aug 19, 2001 at 10:18:54AM +0100, Miles Sabin wrote:
> I think it needs a tweak tho'. You don't say how the shutdown state 
> bitmask can be read. I think you should, because a grep through the 
> example sources would suggest that you get it by grubbing around 
> directly in the SSL struct, ie. ssl->shutdown. I'd imagine that this 
> is wrong (it's a nasty violation of encapsulation) and that the right 
> way is to invoke SSL_get_shutdown(). Bizzarely, I can't find _any_
> uses of SSL_get_shutdown() anywhere in the 0.9.6b distribution.

SSL_get_shutdown() is described in the SSL_set_shutdown manual page.
I will follow your proposal and and add a corresponding note to
the SSL_shutdown manual page.
That example programs directly manipulate ssl->shutdown is a bad idea.
Things grew over time and would probably need some overhaul.

> Out of interest, does anyone have any guesses as to how easy would it 
> be to make the various data structures completely opaque? Would it 
> break huge amounts of code which depend on being able to poke around 
> in the innards of the implementation?

In fact, no code should directly access the members of the OpenSSL structures.
We provide an API for every operation that is necessary.
If something cannot be done with the API, it probably should not be done
in the first place (maybe because it violates the RFC or is a bad idea
anyway). Maybe the API is not complete and some operations are missing.
In this last case, we have to extend the API.
More or less all members of the OpenSSL-team are engaged in OpenSSL aware
applications, so we should have an overview of what things the API should
support, but nothing is perfect :-)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to