On 6/21/2011 2:40 AM, ml.vladimbe...@gmail.com wrote:
> The fourth function is SSL_EncryptUserData, which encrypts our own application data before we can send it to the secure channel:
>
>     int SSL_EncryptApplicationData(char *buf_in, int buf_in_len, char *buf_out, int buf_out_len, int *need_buf_out_len);
>
> The result of this function is the number of bytes written to the buf_out buffer, on success. [need_buf_out_len] is the necessary size of the output buffer if buf_out_len is not enough to contain all the data.
>
> When I (the programmer) need to send any data to the secure socket, I call SSL_EncryptUserData and after this I send the encrypted data from buf_out to the socket.
No, that can't possibly work. Any mechanism involving trying to "look through" the SSL state machine is doomed to fail. Completely erase from your mind any notion that you can map particular bits of encrypted data to particular bits of decrypted data or vice versa.
The SSL engine is a black box with four hooks. What goes on inside it is, as far as your application should be concerned, unimportant.
DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
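The "black box with four hooks" from the reply above, as an added example that is not part of the original thread or of OpenSSL's own code. It uses Python's `ssl.MemoryBIO` and `SSLObject` (which wrap OpenSSL memory BIOs) for a client endpoint with no peer attached; `TLSEngine`, its hook names, `REQUEST` and `example.test` are hypothetical.

```python
import ssl

REQUEST = b"GET / HTTP/1.0\r\n\r\n"   # constructed sample application data

class TLSEngine:
    """Hypothetical wrapper: one TLS client endpoint, reachable only via four hooks."""

    def __init__(self, ctx, hostname):
        self._rx = ssl.MemoryBIO()    # ciphertext received from the network
        self._tx = ssl.MemoryBIO()    # ciphertext waiting to go to the network
        self._tls = ctx.wrap_bio(self._rx, self._tx, server_hostname=hostname)
        self.queued = bytearray()     # plaintext the engine has not accepted yet

    def _pump(self):
        # Let the state machine advance as far as it can with what it has.
        try:
            self._tls.do_handshake()  # returns at once when already complete
            while self.queued:
                sent = self._tls.write(bytes(self.queued))
                del self.queued[:sent]
        except ssl.SSLWantReadError:
            pass                      # needs more bytes from the peer first

    def plaintext_in(self, data):     # hook 1: application -> engine
        self.queued += data
        self._pump()

    def plaintext_out(self):          # hook 2: engine -> application
        try:
            return self._tls.read(65536)
        except ssl.SSLWantReadError:
            return b""

    def ciphertext_in(self, data):    # hook 3: network -> engine
        self._rx.write(data)
        self._pump()

    def ciphertext_out(self):         # hook 4: engine -> network
        return self._tx.read()

def demo():
    eng = TLSEngine(ssl.create_default_context(), "example.test")  # placeholder name
    eng.plaintext_in(REQUEST)         # "encrypt my data" ...
    first = eng.ciphertext_out()      # ... yields a ClientHello, not the request
    eng.plaintext_in(REQUEST)         # more plaintext in
    second = eng.ciphertext_out()     # nothing out: engine is waiting on the peer
    return first, second, bytes(eng.queued), eng.plaintext_out()
```

The bytes that come out of hook 4 are handshake records produced on the engine's own schedule, and the queued plaintext is only accepted once peer data arrives through hook 3, which is why an "encrypt this buffer, get its ciphertext back" call cannot be built on top of it.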