Hello,

I would like to know at what time I have to call shutdown. Is there a case where I have no choice (and so I have to shutdown)? In fact, I develop a secure stack between TCP and an application. So appli_connect(), appli_read(), ..., appli_accept() are defined like these:

    appli_connect(appli_num, ...) {
        connect(appli_num->sock, ...);
        ...
        SSL_connect(appli_num->ssl, ...);
    }

    appli_accept(appli_num, ...) {
        accept(appli_num->sock, ...);
        ...
        SSL_accept(...);
    }

    appli_read() { ... }
    appli_write() { ... }

2011/2/16 lzyzizi <lzyz...@126.com>
> Sorry, I confused you.
> 1) I just want to say that it depends on your needs to call SSL_CTX_free(). For example, you develop an application that needs the user to import the certificate. If the user imports the wrong certificate, you may not call SSL_CTX_free to free the SSL_CTX object. You may tell the user that your certificate is wrong, and let him import again.
> Sometimes, you develop a server. Every time the server starts, the server will load the certificate. The failure of calling SSL_CTX_use_certificate_file means that it loaded the wrong certificate. If it is a fatal error for you, you should call SSL_CTX_free on the SSL_CTX object and end your server.
>
> I think the usage of the SSL_CTX/SSL functions is not about SSL usage, but the common sense of object-oriented programming. When to kill the object depends on what your program needs.
>
>
> At 2011-02-16 19:40:50, "Aro RANAIVONDRAMBOLA" <razuk...@gmail.com> wrote:
>
> 2) => OK
> 1) I do not understand when you say I can also call SSL_CTX_use_certificate_file() to load another certificate file... if it fails, how can you load another certificate file?
>
>
> 2011/2/15 lzyzizi <lzyz...@126.com>
>
>> When you have to call SSL_free() and SSL_CTX_free() depends on when you want to end the SSL/SSL_CTX object's lifecycle. Calling these functions is just like *del* on the object in C++, which means you don't want the object any more.
>> The failure of calling functions (e.g. SSL_CTX_set_cipher_list(), SSL_CTX_use_certificate_file(), ..., SSL_CTX_set_verify()) does not mean that the SSL/SSL_CTX object won't work any more. For example, if SSL_CTX_use_certificate_file() fails, it just means that the certificate file may not be OK. You can also call it to load another certificate file.
>>
>> 2) You may not call SSL_CTX_free() when SSL objects fail, because the SSL_CTX object is used to create SSL objects as a factory. SSL_CTX may create many SSL objects. An SSL object's failure just means that this SSL handshake (or other operation) has errors, which does not imply that the SSL_CTX object has an error. Especially, the failure of these functions (SSL_connect(), SSL_accept(), SSL_get_verify_result()) is common in the SSL handshake, because your peer sent a wrong certificate to you or something that violated the SSL protocol. It is not your fault, so you just need to free the SSL object or do some reconnection operation.
>>
>>
>> At 2011-02-15 22:40:29, "Aro RANAIVONDRAMBOLA" <razuk...@gmail.com> wrote:
>>
>> Hello,
>> I'd like to know at what time I have to call SSL_free() and SSL_CTX_free().
>> 1) For example, I call SSL_CTX_free() when a call to a function which fills in the CTX fails (SSL_CTX_set_cipher_list(), SSL_CTX_use_certificate_file(), ..., SSL_CTX_set_verify()). I am wondering if it is a good idea.
>> 2) I call both SSL_free() and SSL_CTX_free() when a function using the SSL object fails. It concerns SSL_connect(), SSL_accept(), SSL_get_verify_result(), ... Is that OK?
>> Thanks