Hi there,
> * The OpenSSL API does not offer a call to remove the private key
> information from memory as long as any TLS functionality is still
> set up.
> (-> reminder: check, whether the memory overwritten when performing
> SSL_free()/SSL_CTX_free()..)
> To be compliant with RFC2246
On Fri, Jan 18, 2002 at 10:10:36AM -0700, Ben Schumacher wrote:
> I am trying on integrating OpenSSL into a POP3 daemon that I've been
> contributing to, and a security concern has come up that I hadn't
> considered but has me curios. Basically, as with most POP3 daemons,
> after authentication, t
Hello-
I am trying on integrating OpenSSL into a POP3 daemon that I've been
contributing to, and a security concern has come up that I hadn't
considered but has me curios. Basically, as with most POP3 daemons,
after authentication, the program forks an external process and does a
setuid to the au