Hello > I have some doubts over the ssl buffer. Let I put my questions below > > 1. What happens when the server keeps on writing and no data has been > read from the client?, Is there any possibility of buffer overflow?. > Please explain this senarion briefly. This depends on protocol that caries SSL record rather than SSL. If server sends SSL records over TCP and client is not reading this data then operating system network buffers collect this data until has free space. Next action depends on TCP layer how for example client TCP stack will inform server TCP stack to not send more data. There are some algorithms in TCP to avoid congesting the network which may mean: avoid send data faster than the host on the other end can utilize it.
> 2. Assume that during the ssl handshake we have some un read data in > the ssl buffer. When the application is crashed or closed in the > middle of the transacion will that the buffer(which holds the un read > data ) will lead to memory leaking. Memory buffers ale allocated on initializing SSL object and are used for reading/writing SSL records. When process is terminated all memory allocated by this process (maybe without shared memory) are returned to system. In general if you free SSL object after successful or failed handshake there should be no memory leak. (remember of error stack free in threads). > 3. Where the ssl have its default buffer?, either in stack or heap > locations? Dynamically allocated in SSL object which means in heap. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
