Is there any alternative API for SSL_CTX_load_verify_locations? SSL_CTX_load_verify_location ends up using STDIO calls and i am trying to avoid STDIO calls.
I am stuck here and i need yr help to proceed further. Any help is appreicated. Thanks Vijay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Schwartz Sent: Tuesday, February 15, 2005 10:31 AM To: openssl-users@openssl.org Subject: RE: use os BIOs > I'm trying to implement an eap-tls server using openssl and > I've found only few examples about using memory BIOs to > perform a TLS handshake. > Can you give me some pointer to documentation about this or > to some examples? > > The code that I'm using is very simple: > > <openssl initialization> > <...> > SSL_set_accept_state(ssl); > > <when a packet is received> > BIO_write(in_BIO, packet data, datalen); > BIO_read(out_BIO, data, datalen); > <send packet with data> > > > Can this approach work? Yes. > Sometimes the read returns -1 (no data available), but > it should give some data (e.g. the ServerHello). > What I'm missing? What you're missing is that the OpenSSL engine is the boss of what to do when. You have to do four things, and you must do each one when the OpenSSL engine tells you to: 1) You must receive encrypted data from the other end and hand it to OpenSSL. 2) You must take encrypted data from OpenSSL and send it to the other end. 3) You must take plaintext from the application and give it to OpenSSL to encryptd. 4) You must take plaintext from OpenSSL and process it. Do not ever assume that because you did 1, you will next do 4. This might happen, but it might not. Assumptions will lead to deadlock. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
