> Thanks Marek, can you explain more on this "MAC" verification errors?
> When I can ensure only control records are read by SSL_read, why should
> I get such errors? Yeah, ur correct, I will discard appliation records ;)
> (don't ask me how!!) but then openssl will work rite?
>
> What I have to do next depends on YOUR answer or anyone on this
> Mailing list :)
SSL would be much less useful if a man-in-the-middle could delete
chunks of
application data and neither side could detect this molestation. However,
nothing would go wrong if the other side of an SSL application never chose
to send any application records. This is perfectly legal if no application
data need to be sent by that side.
This sounds like another example of someone trying to use OpenSSL to
provide in-kernel SSL implementations. See my other replies to people trying
to do that for some suggestions and some explanations for why trying to do
it at a high level is unlikely to be able to be made to work.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
