Victor Duchovni:
> 
> When a user requests SSL protocol debug logging from Postfix, we use
> essentially boilerplate code from SSL_CTX_set_info_callback(3):

And then they see so much crap that it freaks them out, and not
just the buffer-empty conditions.

It's like when people installed tcp wrapper. For the first time
they looked at their logfiles, saw all kinds of unrelated errors,
freaked out and blamed me for it.

>       } else if (where & SSL_CB_EXIT) {
>           if (ret == 0)
>               msg_info("%s:failed in %s",
>                        str, SSL_state_string_long((SSL *) s));
>           else if (ret < 0) {
>               switch(SSL_get_error((SSL *)s, ret)) {
>               case SSL_ERROR_WANT_READ:
>               case SSL_ERROR_WANT_WRITE:

"get" operations that make VISIBLE changes to the SSL handle would
be exceptionally poor engineering.

You're doing enough TLS that you can be the guinea pig.

        Wietse
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
