Dear users and developers,

we just read through some of the code examples for SRP usage.

Concerning the necessary callbacks we wonder why in
s_server.c the verifier parametrization is being delayed.

Within apps/s_server.c we can find the comment:

 "When the callback is called for a new connection we return
  with a negative value. This will provoke the accept etc to return with
  an LOOKUP_X509. The main logic of the reinvokes the suspended call
  (which would normally occur after a worker has finished) and we
  set the user parameters."

There seems to be something missing between 'the' and 'reinvokes',
so we cannot understand what's being meant.

May it be a security impact to implement the lookup within the
callback itself (as done in ssl/ssltest.c, based on user's password)
or may there be other error conditions which are covered by
relocating the lookup to init_ssl_connection in apps/s_server.c?

Any opinions about possible security weakening against implementing
the lookup within the callback?

TIA
-- Christian Weber
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org