On Thu, Sep 23, 1999 at 09:04:02PM +0200, Jan Meijer wrote:
> We're planning on using stunnel in a production environment, but only if we
> can somehow verify how trustworthy it is. We could perform a
> source-code-review, but perhaps it's fully trusted by you all?
Trustworthy in what sense? There are not hints of intentional
backdoors or something, but on the other hand the multi-threading code
is not fully thread-safe, and the select() is not done correctly and
might occasionally block during renegotations (nothing of all this is
worse than sendmail's longjmps from signal handlers, so if you already
use sendmail, you needn't worry).
Disclaimer: I have not yet looked at the most recent version of stunnel.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
