RE: unable to write 'Random State' e is 65537

2008-01-08 Thread David Schwartz
> I just found out that the files i have been creating are in the > OpenSSL folder, not in the Bin folder. Are those files that I have created > working ? how do i test it ? I have no idea what files you are talking about. You could be talking about keys, certificates, configuration files, encryp

RE: unable to write 'Random State' e is 65537

2008-01-08 Thread David Schwartz
> Sorry for not being clear. > I was following the link you have provided below. First I was trying to > generate a private key by > type "openssl genrsa -out my-prvkey.pem 1024" to the windows Vista CMD > and the result was: >C:\OpenSSL>openssl genrsa -out my-prvkey.pem 1024 > Loading 'screen'

RE: Regarding the obj_mac.h

2008-01-09 Thread David Schwartz
> The problem is if I give the name of the extension given as in the > certificate, What is the "name of the extension given as in the certificate"? Certificates don't contain extension names. > the OBJ_sn2nid function is throwing NULL value that > means it is > unable to find the extension. Pr

RE: SSL_read reads 0 bytes after SSL_write/SSL_read/SSL_write

2008-01-14 Thread David Schwartz
> Hello! > > I use openssl to work with apache server via https. > But I see a strange situation when the second and the third calls > to send() > in my test-case read 0 bytes from socket. > Can you provide here any help? Why is that surprising? That's exactly what I would expect to happen. When

RE: SSL_read reads 0 bytes after SSL_write/SSL_read/SSL_write

2008-01-14 Thread David Schwartz
> Hi > Thanks for reply. > > In fact, I'm not sure why apache closes connection even if I set KeepAlive > to On in httpd.conf. Because that's what HTTP version 1.0 says to do, and you asked for HTTP 1.0 behavior. If it didn't, how would the client know when it got the entire request? > If I send

RE: non-blocking BIO_do_connect problems with select

2008-01-17 Thread David Schwartz
> Now the problem is before the connection is established. > Select is based on the file descriptor. Looks like I can't get > the file descriptor before the connect. > FD_SET(BIO_get_fd(conn, &c), &rfds) BIO_get_fd > returns null. what did I do wrong? You should not be calling 'select' until tol

RE: SSL_read reads 0 bytes after SSL_write/SSL_read/SSL_write

2008-01-17 Thread David Schwartz
> > Because that's what HTTP version 1.0 says to do, and you asked > > for HTTP 1.0 > > behavior. If it didn't, how would the client know when it got the entire > > request? > (You mean the entire response, and in particular response body > aka entity.) Right. > Content-length is allowed in 1.0

RE: How to use OpenSSL on system without conventional file system?

2008-01-24 Thread David Schwartz
> Thanks, but as I said, I cannot simply provide my own linkable versions > of fopen, fread, etc. These functions are reserved by the system for > other uses. > > Is there no way to cleanly override IO in OpenSSL? > > Thanks. Just never ask OpenSSL to operate on a file. If you want to read a key

RE: site encryption

2008-01-28 Thread David Schwartz
> Hi there > I am trying to integrate a paypal shopping cart into my site and paypal > recommend getting a security certificate from your website. > Their site tells users to find the WIN32 section of your site to get > the source for the certificate but I cant find that section anywhere. I goog

RE: Compiling on a Mac

2008-02-03 Thread David Schwartz
> mac# gcc blowfish.c -o blowfish Where did you get this command from and what was it supposed to accomplish? DS __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: Compiling on a Mac

2008-02-04 Thread David Schwartz
> Sorry I didn't update the list, but I tried with > -lssl and -lcrypto, as well as -I/usr/include/openssl. And what happened? Did you get the same error messages or different ones? > I've reinstalled openssl to no avail. What directories did you install to? And did you tell your compiler/linke

RE: Compiling on a Mac

2008-02-04 Thread David Schwartz
>> On Feb 3, 2008 10:51 AM, David Schwartz <[EMAIL PROTECTED]> wrote: >>> mac# gcc blowfish.c -o blowfish >> Where did you get this command from and what >> was it supposed to accomplish? > blowfish.c is a program I wrote which contained a series of methods

RE: Compiling on a Mac

2008-02-05 Thread David Schwartz
> Hi David, > I'm down to symbol not defined for one item - incremental_send > (and I can't find what file this is supposed to be in). Well, you need to do that. > I re-installed to /usr/include/openssl and used --prefix=/usr/include > and --openssldir=/usr/include

RE: Compiling on a Mac

2008-02-05 Thread David Schwartz
> Ummm, I realize that. I've tried hunting down where the > incremental_send method is and I can't find it anywhere. It's in your book. > Can you give some suggestions on the "rational troubleshooting" > you recommend? Check your source code for references to "incremental_send". You can use "

RE: Compiling on a Mac

2008-02-05 Thread David Schwartz
> The source for incremental_send isn't in the book anywhere > that I've seen. Well then that explains the problem. You are calling a function that does not exist. > I'm using the first edition (June 2002). > My code does call incremental_send, > and the code I'm trying to compile is the exampl

RE: Problem porting SSL on VDK OS

2008-02-06 Thread David Schwartz
> Hi All; > Thanks to you for your suggestions. I followed your suggestion > and removed "ssl/ssl_task.c" and compiled it but I got one > problem which is as follows: > "crypto\sha\sha1s.cpp", line 72: cc0020: error: identifier "GetTSC" is > undefined > GetTSC(s1); You have no TSC,

RE: Compiling on a Mac

2008-02-06 Thread David Schwartz
> Can you share the code that you found, a link to it, or at > least a hint as to which search engine you found it on? >> http://www.cs.odu.edu/~cs772/sourcecode/NSwO/compiled/encdec.c There you go. I'm curious -- do you understand what the code you are compiling is supposed to actually *do*? B

RE: possible SSL_write bug

2008-02-06 Thread David Schwartz
> I made a program that connects to a stunnel server. > I am able to connect to the server, read, write, with no problems. Good. > The problem is that if I close the stunnel, I can handle the error > correctly if I make an SSL_read, but not if I make an SSL_write. > The SSL_write returns a posit

RE: Compiling on a Mac

2008-02-06 Thread David Schwartz
> Hi David, > Yes indeed I do. I have seen that link before, > but it doesn't contain the contents of incremental_send > (this data is left hanging in limbo with nothing to do). That is the contents of incremental_send. > My goal is to integrate this into a sockets app

RE: possible SSL_write bug

2008-02-11 Thread David Schwartz
> If I close stunnel, the next SSL_write will return a positive value, > as if everything is ok, the second causes sudden application termination. Make a build with debugging symbols, get a core dump, and analyze it with 'gdb' or similar. Alternatively, post the smallest complete, compilable exam

RE: OpenSSL wants to read on connection?

2008-02-12 Thread David Schwartz
> ret = SSL_write( m_ssl, buf, buf_lef ); > > which returns -1, as you'd expect. But (and here's the odd part) when I > call: > > SSL_get_error( m_ssl, ret ) > > it returns SSL_ERROR_WANT_READ, not SSL_ERROR_WANT_WRITE. How can this > be!? The OpenSSL library is setup in client mode, so sh

RE: possible SSL_write bug

2008-02-12 Thread David Schwartz
> I found out that if I keep calling SSL_write, if the connection > is closed remotely (killing stunnel), my application hangs. I thought your problem was crashing. Now I see that it's hanging. These are two totally different problems. > I made some tests, and saw that the error happens only if

RE: possible SSL_write bug

2008-02-13 Thread David Schwartz
> Sorry for my bad english, it crashes, it doesn't hang. Then compile with '-g' and run 'gdb' on the core dump. Post the output of the 'where' command. DS

RE: possible SSL_write bug

2008-02-13 Thread David Schwartz
> Program received signal SIGPIPE, Broken pipe. You need to either catch or ignore SIGPIPE. > There is also the output of the program. I think the focus should > not be on the call the caused the crash, but on the call before, > which returned 7 even if the connection was closed. There's nothin

pkcs11 engine

2008-02-15 Thread David Hostetter
I am using the latest 9.8g openssl on Solaris 10 update 3. The ssl handshake is working fine. I want to use the Niagara 2 chip to do my encrypting but I need the pkcs11 engine. The 9.8g ENGINE_load_builtin_engines() does not have pkcs11. How do I get it and if there is a way then how do I instal

Re: How use the puzzle of CRL in ssl connection

2008-02-15 Thread David Hostetter
After the accept do the following... BTW...are you using the pkcs11 engine? I am trying to find out the patch for 9.8g version.
    sbio=BIO_new_socket(socketFd, BIO_NOCLOSE);
    // Create a new SSL structure
    ssl=SSL_new(ctx);
    // Connect the read and write BIOs

RE: Emptying the buffer

2008-02-15 Thread David Schwartz
Joel Christner wrote: > dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL); > for (i=0;i readBufferClear=decrypt(&context,readBuffer+i,1); You are passing characters one-at-a-time to your decryption function. Depending on exactly what this function does, this may indicate that yo

RE: RAND_load_file question

2008-02-18 Thread David Schwartz
> Please give me some feedback. Why don't you just call RAND_add? This seems like a complicated way to accomplish nothing. DS

RE: CA verify fails but certificates seem to be installed correctly - ???

2008-02-18 Thread David Schwartz
> When I connect to our printer server, the certificate is never verified > correctly. When I specify the CA certificate file manually on the command > line, it works though. The root certificate in question is installed, and ^

Creating certificates inline

2008-02-19 Thread David Hostetter
Can someone point me to some documentation on how to create certificates during runtime in the code? I can use the openssl command from solaris at the terminal but how do I do it in the code? Thanx. Dave

RE: SSL connections in persistent TCP connection.

2008-02-20 Thread David Schwartz
> I have a SSL client and a server application.The client connects to a > SSL server in a TCP socket persistence mode, i.e, it does a data > exchange with the server through a SSL connection , tears down the SSL > connection but again sends out a client_hello in the same TCP socket > connection it

RE: SSL connections in persistent TCP connection.

2008-02-20 Thread David Schwartz
> But, the application code tries to clear out/shutdown existing > SSL session with orderly bi-directional alerts. Once shutdown it > creates a new SSL object 'ssl' [ssl = SSL_new (ctx)] > for the next session in persistent connection.. This is nearly impossible to do. It's possible that you did

RE: SSL connections in persistent TCP connection.

2008-02-21 Thread David Schwartz
>> This is nearly impossible to do. It's possible that you did it correctly, >> but very unlikely. The basic problem is this -- when you call 'read' to get >> the last message of the first session, how do you make sure you also don't >> get all or part of the first message of the second session?

RE: SSL connections in persistent TCP connection.

2008-02-22 Thread David Schwartz
> ..I mentioned overhead not in terms of data bytes, but the time. > Considering that in the system each session should not last not > more than 3-4 seconds, and client wanting to make multiple SSL > session with server, persistence can offer performance improvement. You're just making that up, b

RE: Problems with RSA_public_decrypt

2008-02-22 Thread David Schwartz
> I'm encrypt a file using RSA_private_encrypt, this work fine. Actually, you've *signed* the file, not encrypted it. And you've done so incredibly badly at that. DS

RE: SSL Error and Info messages

2008-02-25 Thread David Schwartz
> My application calls some library functions, which uses > OpenSSL. When my appliction runs, I believe OpenSSL emitted > some messages described below. Nope. Your application emitted them. OpenSSL detected them and reported them, you chose to print them out. > Does anyone know what caused thos

RE: Help regarding error

2008-02-27 Thread David Schwartz
> when i compile the program p192.c i get following error > [EMAIL PROTECTED] ~]# gcc p192.c This is not the command to compile. This is the command to compile and link. "gcc -c p192.c" is the command to compile, and you will likely get no errors. > /tmp/ccicrxZV.o: In function `main': > p192.

RE: Problem with SSL_WRITE

2008-02-27 Thread David Schwartz
> We are using OPEN SSL library in our client server application. We are using > SSL_WRITE and SSL_READ api used to read and > write operations between them. Connection is broken When server sends very > large message (more than 56K) using SSL_WRITE api. That's probably due to a bug in your code

RE: OpenSSL client through proxy

2008-02-27 Thread David Schwartz
> 26.02.08, 23:23, [EMAIL PROTECTED]: > > > Hello, > > > I have to connect to my OpenSSL server through proxy server. > How can I > > establish this connection? > > Establish tcp connection through proxy (connect, socks5, transparent, > > reverse or any other) > > and next run SSL on this tcp conn

Getting error running s_client program

2008-02-28 Thread David Hostetter
I am using the s_client() program in openssl to test my certificates. Anyone ever see this error? subject=/C=US/ST=Colorado/L=Louisville/O=SUN/OU=Storage Group/CN=topeka issuer=/C=US/ST=Colorado/L=Louisville/O=SUN/OU=Storage Group/CN=RootCA --- No client certificate CA names sent --- SSL handsh

RE: valgrind complaints about my network data received through ssl

2008-02-28 Thread David Schwartz
> I've written a network app using pthreads, ssl, and xml. > > I use xml over tcp over ssl and all of that is working fine. > > Whilst chasing down what I thought was a bug, I started using > valgrind on my app. > > I'm receiving thousands of "uninitialized value and conditional jump" > errors tr

RE: valgrind complaints about my network data received through ssl

2008-02-28 Thread David Schwartz
> > Consider:
> >
> > char buf[1024];
> > int i, j;
> >
> > buf[1024]=0; // to make sure we don't run off the end
> >
>
> Does not C number the indices: 0..1023?
Yeah, that's what I get for hastily constructing an example. DS

Re: Verisign CA Self-Signed Cert Error?

2008-02-29 Thread David Hostetter
I am using s_client and s_server right now and it is working for me. I specify the -certs file and the CAfile for the root. Josh wrote: Hello, We are getting an odd self-signed cert error when using openssl s_client to test the connection for a web service on an internal server. This servic

RE: valgrind complaints about my network data received through ssl

2008-02-29 Thread David Schwartz
Let's start with the obvious, just to make 100% sure we're really having an issue here.
> Here is one code example where I'm reading a 10-byte block of data
> (always 10-bytes, not less):
>
> bufptr = (u_char *)&wh;
> for (nread = 0; nread < sizeof(wh); nread += ret) {
>     ret =

RE: cipher algorithms

2008-03-05 Thread David Schwartz
> Thanks Marek! > > One last question, can an algorithm or cipher suite be enabled or > disabled on OpenSSL by an user (I mean, without needing to > recompile and redistribute OpenSSL binaries)? You can definitively disable an algorithm by not including it in the libraries. Most programs that use

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> Doesn't what you suggest create a headache? Every time I want to > decrypt an > old message I sent or I received, or a file, I will need to > change the mail > client configuration and point it to another private key. One would hope your mail client will allow you to keep any number of k

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> Arguably, you shouldn't do it even once, because it's extremely easy > to fall into the pattern of "one key and one key only" in the systems > design or implementation. I can't remember who coined the phrase, but > it's not "good crypto hygiene". I have argued many times that not including the

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> > I have argued many times that not including the creation date > in every private key data format was a *huge* mistake. > Furthermore -- > How do you know what time it is? How do I know you know what time > it is? Do I trust you to put the correct time, or even a monotonically > increasing

RE: Accessing encrypted messages after cert expires

2008-03-16 Thread David Schwartz
> David's apparent statement is "the person trusting the time is the > person generating the key." > Michael's apparent idea is "if you're generating it and including it > in the key format, then you're making an assertion which must > trustable by people other than the person generating the key."

RE: Accessing encrypted messages after cert expires

2008-03-17 Thread David Schwartz
Michael Sierchio wrote: > Anyway, in the case of RSA keypairs we don't manufacture them, we > discover them. They're already there, we just search for our p's and q's > in the appropriate range and rely on chance starting conditions to find > some not in use. I suggested, but not entirely in je

RE: Accessing encrypted messages after cert expires

2008-03-17 Thread David Schwartz
Steffen Dettmer wrote: > > > You may argue, and get me to agree, that cert > > > reissue/resigning with the same SubjectPubkeyData is a bad > > > idea. Make 'em generate keypairs. Keep a list forever of > > > pubkeys seen in certs and reject any that appear in CSRs. > (CSR? Is this like a CRL

Re: Use of certificates

2008-03-17 Thread David Hostetter
Do you want to do it inline or not? If not I can send the commands. EL HACHIMI Driss wrote: Hello, I have to setup an SSL communication between a client and a server. I have bought the OpenSSL book and I have downloaded the last OpenSSL release version. I think the first thing to do is to se

RE: How to transfer a socket with SSL already initialized

2008-03-17 Thread David Schwartz
> The vague idea I've gotten so far is that I need to somehow > transfer the SSL_SESSION to the new process. Examining the > output of SSL_SESSION_print_fp() I see that the session ID > and master key change every time SSL is initialized, so > simply reinitializing the SSL library in the new proce

RE: What are the proper flags for Endianness and 32Bit

2008-03-18 Thread David Schwartz
> Wow, is it possible one can't get help on this simple question?? It's entirely possible that the person who had the answer to your question saw it and had no idea they knew the answer. Your question contains *no* details. It would require someone to go hunting to figure out what your proble

RE: Accessing encrypted messages after cert expires

2008-03-18 Thread David Schwartz
Michael Sierchio: > If it's your policy not to reuse keys, or allow their use beyond > the lifespan of the certificate, then the enforcement mechanism > for this MUST be in the CA. I completely disagree. If this were true, CA's would generate the private key as part of the certificate issuing p

RE: Accessing encrypted messages after cert expires

2008-03-18 Thread David Schwartz
> David Schwartz wrote: > > Michael Sierchio: > >> If it's your policy not to reuse keys, or allow their use beyond > >> the lifespan of the certificate, then the enforcement mechanism > >> for this MUST be in the CA. > I completely disagree. I

RE: Accessing encrypted messages after cert expires

2008-03-19 Thread David Schwartz
Michael Sierchio wrote: > I'm not suggesting that this isn't useful, just that it is not > a defect that it isn't part of the key format itself. That may or may not be true, but none of your arguments support this point. I'm leaning towards a belief that it is a defect, but I am not thoroughly

RE: SSL_accept hangs

2008-03-20 Thread David Schwartz
> Hi, > I have setup an SSL server that works fine up to > 400 connected clients. > When I try to have more then 400 clients, then my server hangs in the > SSL_accept call This happens very randomly, sometimes beyond 1000 > connected clients... > The server is dead once this happen and no o

RE: SSL_accept hangs

2008-03-20 Thread David Schwartz
> Hi David,
> My code looks like this:
    while(1)
    {
        r = SSL_accept(m_ssl);
        if (r > 0)
        {
            break;
        }
        r = ssl_retry(r);
        if ( r <= 0)

RE: SSL_accept hangs

2008-03-20 Thread David Schwartz
> Well, that is not true and I am sorry I did not give > you the full code as it is quite complicated but the > snippet you see above is called after a new connection > is already accepted. So I have an outer loop that does > a select and once a new connection is detected and accepted > without

RE: SSL_accept hangs

2008-03-20 Thread David Schwartz
To Md Lazreg: I think I found it.
    ready_sockets = ::select(m_max_socket + 1, rfds, 0, 0,&tv);
    if (ready_sockets > 0)
    {
        if (FD_ISSET(s->get_sock(),p->get_rfds()))
        {
            new_s->set_non_blocking(true); /* GAK */
            if (s->accept(new_s))
            {

RE: Upgrade shows wrong version

2008-03-24 Thread David Schwartz
> Maybe I need some more coffee before I google... > > I just upgraded to openssl-0.9.8g, but when I type openssl version it > still shows me the old one. That just means that you are running the executable from the old version. > Am I missing some steps here and is there a web page where I can

RE: What scenario will cause openssl can't send "client hello" request?

2008-04-01 Thread David Schwartz
> Our program that use openssl can't work normally with > 'https' protocol. Then we use ethereal to sniff data on > the port 443 and find that client doesn't send "client hello" > message to server after it finish tcp handshake. Does anyone > know about this? BTW: the openssl lib is fine under an

RE: openssl performance

2008-04-02 Thread David Schwartz
On Tue, Apr 1, 2008 at 11:56 PM, raj H <[EMAIL PROTECTED]> wrote: > Anybody any comments? It's really hard to help you because your question is so vague. What platform are you using? What performance are you seeing? What performance did you expect? Is the problem with session setup rate or conne

RE: FIPS compliant shared object

2008-04-03 Thread David Schwartz
> Can some one point me to instructions on how to create a shared object > that contains the fipscanister.o and passes the FIPS_mode_set() test > I can create executables using the ldfips script that pass the test but > when I attempt to create a fips compliant shared library (the FIPS User > Guid

RE: CA generation/certificate serial number

2008-04-03 Thread David Schwartz
smime.p7m Description: S/MIME encrypted message

RE: Create public/private key pair from trusted moduli?

2008-04-09 Thread David Schwartz
> Thanks Kyle, > > Here is my situation: > > I have a server which can sign certificates over tls(implemented in > both client and peer). > > I generate a public/private key pair for each peer now. > > I need a way so Peer A Trusts Peer B because. > > So, I am trying to figure out the best way to

RE: Create public/private key pair from trusted moduli?

2008-04-09 Thread David Schwartz
> Right, Gotcha! > > There is one flaw in this design however. > > Peers: > A, B, E > > By this scenario all three peers would be able to communicate, not > just A and B, but also E. Do you want the server to have to approve A to talk specifically to B? Or do you just want A and B to be able to i

RE: Create public/private key pair from trusted moduli?

2008-04-10 Thread David Schwartz
Kyle Hamilton wrote: > You can have B contact the server and obtain a signed "authorization > certificate" for its key that uses custom extensions to specify 'is > authorized to connect to A' for a given timeframe, and have that be > the certificate that B presents when connecting to A. Then, A

"ERROR:name does not match"

2008-04-10 Thread David Miller
ps someone. -- David Miller

error when trying to use Net::SSLeay perl module under IIS6

2008-04-13 Thread DAVID NEILL
This list was given as a place to ask general questions regarding the Net::SSLeay module for perl. I'm having success using the module in a perl command-line script to perform an authenticated login to my mail server to send E-mail. When I try to adapt the same code to work from a CGI script f

RE: SSL overhead

2008-04-14 Thread David Schwartz
> The documentation's poor at best, and I don't completely get the > general concepts. From reading examples I figure that only the > BIO_f_ssl does encryption-decryption when written into? so what should > I do if I want to provide an api that has functions b_encrypt and > encrypt_flush? I think

RE: Public key from a x509v3 certificate

2008-04-16 Thread David Schwartz
> Thank's for the answer, but i still got a little problem, > when i run this code : > EVP_PKEY *key2 = X509_get_pubkey(certif.getX509Certificate()); > cout << BN_bn2hex(key2->pkey.rsa->n); > I miss the first 00 of the public key... > How can i get them ? The leading '00' is part of the DER enc

RE: SSL overhead

2008-04-16 Thread David Schwartz
> One more question: I'm working on an asynchronous framework, and > there's a "poll" method that gets called in each iteration. In our > sockets, this method's supposed to do whatever needs doing, and return > how many bytes are waiting to be read from the socket, so the return > value should be

RE: Openssl loading

2008-04-18 Thread David Schwartz
> I have an application that is dynamically linked with openssl. > I'd like to load system installed openssl at runtime. 1) "I'd like to use the system installed openssl rather than one I know is secure." > My application can only be as secure as the openssl loaded into > the process. What steps

RE: Openssl loading

2008-04-18 Thread David Schwartz
> Thanks for your response. Shipping my own version of openssl is ruled > out. So I have to trust the system installed one. Think at least on some > Unix systems, LD_LIBRARY_PATH is searched first. Right, this is because: 1) A library cannot do any harm the user could not do directly. So there's

RE: Openssl loading

2008-04-19 Thread David Schwartz
> You have lots of good points. Thank you again. You're welcome. > I work for AOL, developing cross platform SDK for instant messaging that > supports plugins. Plugins can be malicious. And AOL is responsible for > protecting users' identity and privacy. Considering our user base, a > trojan is

RE: Problems with stream decryption

2008-04-25 Thread David Schwartz
> Hi! I have some transport which based on winsock. Client(FTPS) > send to me some data over SSL, and i receive it with (for example): > > ... >if (WSARecv(AcceptSocket, &DataBuf, 1, &RecvBytes, &Flags, > &AcceptOverlapped, NULL) == SOCKET_ERROR){ > if (WSAGetLastError() != WSA_IO_PENDIN

RE: Certificates on embedded systems without filesystems

2008-04-30 Thread David Schwartz
> i mean is there any equivalent function for > SSL_CTX_use_certificate_chain_file which takes certificate buffer > instead of certificate file name. Just look at the source code to SSL_CTX_use_certificate_chain_file. As I recall (it has been awhile) you will find code in there that address the c

RE: Building OpenSSL without Crypto Support

2008-05-07 Thread David Schwartz
> The application I am developing requires HTTP over SSL connection > and hence I am using OpenSSL for SSL support . But Using OpenSSL > with all the cryptographic libraries included increases the size of > my app heavily . To deal with that , I want to build a OpenSSL > library with NULL encrypti

RE: SSL_connect using select.

2008-05-07 Thread David Schwartz
Prabhu S wrote:
> if(l_ssl_err_code == SSL_ERROR_WANT_READ || l_ssl_err_code ==
> SSL_ERROR_WANT_WRITE)
> {
>     l_fds=select(sd+1, &filedes_set,NULL,NULL, &l_connect_timeout);
Why are you 'select'ing for readability even if the library returns 'SSL_ERROR

RE: Building OpenSSL without Crypto Support

2008-05-07 Thread David Schwartz
> Thanks for the quick reply from your side . I understand and respect > your opinion regarding OpenSSL usage .But I need to strip the Openssl > library to the bare minimum for my own use with the app as I wil be > using my own crypto library . So is your question really "how can I plug my own

RE: Building OpenSSL without Crypto Support

2008-05-08 Thread David Schwartz
> I'm trying to build OpenSSL with least support for crypto > algorithms expt the cases where they are really needed for it to work . > My sole purpose of all this is to reduce the memory footprint of the > application that uses OpenSSL.. All I want is the procedure to do > so on a WIN32 platform

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread David Schwartz
> To do that properly you do need to at least parse some of the > ASN1 data. There > is some header information at the start which contains the > SEQUENCE tag+length > bytes. > > The actual bit you will hash is in the middle of the data. One SEQUENCE > header is deleted from the start and some dat

Validating a server's own certificate using an API

2008-05-09 Thread David Lobron
anyone knows of a good way to do this, I'd be grateful if you could point me to it. Thank you, David

RE: Manually verifying signature on X.509 certificate

2008-05-09 Thread David Schwartz
> Well the first embedded SEQUENCE is the tbsCertificate data. You > need to hash > all of that including the SEQUENCE tag+length bytes. This is correct. My previous statement that you don't include the tag and length bytes was incorrect. Sorry. DS

RE: Q about ssleay_rand_add Vul. and command line openssl req tool

2008-05-14 Thread David Schwartz
Harakiri wrote: > i've not digged through the whole openssl source yet - but it > seems to me that the recent Debian > Issue with the ssleay_rand_add method here > http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_ra > nd.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_ra

unsolved memory leak

2008-05-19 Thread David Gauchard
ERR_remove_state(0); ERR_free_strings(); // might be useless Surely I'm doing something wrong, and I'd be glad if some experts from you could lighten me :-) Best regards, David Gauchard Valgrind logs : ==5410== 1,597,904 (699,608 direct, 898,296 indirect) bytes in 10,931 blocks are definitely

RE: Wider fallout from Debian issue?

2008-05-28 Thread David Schwartz
> Finally - how real is this concern? What is the probability that say a > 2048bit generated key could fall into the 32,767 keys in the metasploit > SSH example on unaffected systems? > > Best Regards, > > Deane If you think about it, it doesn't make sense. Suppose I include a randomish string in

RE: Wider fallout from Debian issue?

2008-05-28 Thread David Schwartz
> David Schwartz wrote: > > ... Suppose I include a randomish > > string in my message "46e8bd8ceae57f8b7af66536e7859bad". Any > > attacker might > > see this message -- it's public. So he can certainly try that > > string as your >

RE: Wider fallout from Debian issue?

2008-05-28 Thread David Schwartz
> On Wed, May 28, 2008 at 03:38:47PM -0700, David Schwartz wrote: > > In principle, specifically avoiding these keys weakens the > > algorithm by reducing the keyspace. > > > Only against random attacks of course, if all attackers first check these > keys, then re

RE: Wider fallout from Debian issue?

2008-05-28 Thread David Schwartz
> David Schwartz wrote: > > > Every known key, provided there are not too many known keys, is weak. > > Once again, you have a very idiosyncratic lexicon of cryptographic > terms. How about if we use these words the way cryptographers do? > > A weak key is one t

RE: Wider fallout from Debian issue?

2008-05-30 Thread David Schwartz
Travis wrote: > Agreed. > > Let's assume that users tend to pick the password "password" when > given a choice. > > Now adversaries try the most common password, namely "password", first. > > Security conscious admins ban the word "password" as a password. > Yes, this does reduce the keyspace a t

RE: bug? SSL_ERROR_SSL/EAGAIN from SSL_write()

2008-06-02 Thread David Schwartz
> The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with > errno equal to EAGAIN. Calling SSL_write() again seems to solve the > problem. I have the impression that SSL_write() should return > SSL_ERROR_WANT_WRITE in this situation. > * the underlying socket is blocking It sounds l

RE: bug? SSL_ERROR_SSL/EAGAIN from SSL_write()

2008-06-03 Thread David Schwartz
> I'm seeing weird OpenSSL behaviour and I suspect it's a bug in > the library. It sounds like a typical protocol error. > The problem is that SSL_write() sometimes returns SSL_ERROR_SSL with > errno equal to EAGAIN. This is your problem. You are confusing yourself by checking 'errno'. SSL_writ

RE: 2038 date limit

2008-06-05 Thread David Schwartz
> Changing this is would involve including independent date > routines which don't > have this restriction. I did start on this some time ago but other higher > priority tasks (e.g. paid ones!) took over. I've got 64-bit date/time routines that are good out to 2270 that work fine on 32-bit archit

RE: 2038 date limit

2008-06-06 Thread David Schwartz
> On Thu, Jun 05, 2008, David Schwartz wrote: > > > > > 1) All routines are based on a uint64_t to hold the seconds > since the epoch. > > So you can still easily convert to/from time_t for in-range values. > > > > Well there has been a problem on some pla

RE: RAND_load_file takes a long time to load 1K bytes from /dev/random

2008-06-10 Thread David Schwartz
> What is the acceptable lower limit for the number of bytes for RAND_load_file()? Nobody can tell you what your requirements are. Some people will consider it acceptable just to read 1KB from /dev/urandom. This is only a problem if the entropy pool was never seeded, which is always at least poss

RE: Code goes into a loop

2008-06-10 Thread David Schwartz
> This code just goes into a loop and keeps writing the first piece
> of info it reads. What am I doing wrong here?
>
> while (nread = BIO_gets(out, buf, sizeof(buf) ) )
> {
>     err = BIO_write(out,buf,nread );
> }
That's precisely what it's coded to do. Get a byte, then write that byte out, t

RE: duplicating an SSL struct

2008-06-11 Thread David Schwartz
> I am wrapping an ssl socket using c++ and use a third party library > steam implementation. the library I use requires an implementation of a > copy constructor. I managed to dup and initialize a simple BIO and then > free it as required, but when it comes to SSL struct, thing don't seem > to wo
