darkone
12-22-2002, 08:31 AM
Just downloaded 2.0 to test compatability with my daemon. Noticed couple of minor 'bugs' in it:
- It does not perform SSL_shutdown() when requested (Most clients and servers are violating this TLS rule, but it's the only way to check data integrity)
- Instead of ABOR some garbage is being sent to daemon
www.openssl.org
The shutdown procedure consists of 2 steps: the sending of the ``close notify'' shutdown alert and the reception of the peer's ``close notify'' shutdown alert. According to the TLS standard, it is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response (this way resources can be saved, as the process can already terminate or serve another connection). When the underlying connection shall be used for more communications, the complete shutdown procedure (bidirectional ``close notify'' alerts) must be performed, so that the peers stay synchronized.
Cheers, dark0n3
- It does not perform SSL_shutdown() when requested (Most clients and servers are violating this TLS rule, but it's the only way to check data integrity)
- Instead of ABOR some garbage is being sent to daemon
www.openssl.org
The shutdown procedure consists of 2 steps: the sending of the ``close notify'' shutdown alert and the reception of the peer's ``close notify'' shutdown alert. According to the TLS standard, it is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for the peer's response (this way resources can be saved, as the process can already terminate or serve another connection). When the underlying connection shall be used for more communications, the complete shutdown procedure (bidirectional ``close notify'' alerts) must be performed, so that the peers stay synchronized.
Cheers, dark0n3