Hi Seema, > Thus, there seems to be a need for ssl_connect to timeout, in order to > protect against such buggy servers. My query was: > > 1) Does ssl_connect have such an internal timeout mechanism > after which the > OpenSSL will give up on the connection attempt and return > failure for the ssl_connect call? > OR > 2) Does a client application have to implement such a timer in its own > scope?
I'm not an expert at SSL but the only way I could see to do this is by using non blocking I/O. This will make SSL_connect() return with SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. You can then use select() to implement your timeout. I think therefore that option (2) is the answer. Hope this helps, Mark. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
